WO2025194372A1

WO2025194372A1 - Wireless communication with access control on a service-based architecture

Info

Publication number: WO2025194372A1
Application number: PCT/CN2024/082624
Authority: WO
Inventors: Jianhua Liu; Gavin Bernard Horn; Ozcan Ozturk; Lenaig Genevieve CHAPONNIERE
Original assignee: Qualcomm Inc
Current assignee: Qualcomm Inc
Priority date: 2024-03-20
Filing date: 2024-03-20
Publication date: 2025-09-25
Anticipated expiration: 2026-09-20

Abstract

An access control service for wireless communication obtains information for one or more services in a wireless network with a service-based architecture. The access control service provides, based on the information from the one or more services, an access control configuration for one or more cells. A network node provides information to the access control service in a wireless network and receives an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network. The network node provides the access control configuration for at least one user equipment (UE). A UE receives an access control configuration from an access control service and determines whether to access a service of the wireless network based on the access control configuration and at least one of incoming traffic or service information.

Description

WIRELESS COMMUNICATION WITH ACCESS CONTROL ON A SERVICE-BASED ARCHITECTURE

INTRODUCTION

The present disclosure relates generally to communication systems, and more particularly, to wireless communication that includes access control.

Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts. Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources. Examples of such multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, single-carrier frequency division multiple access (SC-FDMA) systems, and time division synchronous code division multiple access (TD-SCDMA) systems.

These multiple access technologies have been adopted in various telecommunication standards to provide a common protocol that enables different wireless devices to communicate on a municipal, national, regional, and even global level. An example telecommunication standard is 5G New Radio (NR) . 5G NR is part of a continuous mobile broadband evolution promulgated by Third Generation Partnership Project (3GPP) to meet new requirements associated with latency, reliability, security, scalability (e.g., with Internet of Things (IoT) ) , and other requirements. 5G NR includes services associated with enhanced mobile broadband (eMBB) , massive machine type communications (mMTC) , and ultra-reliable low latency communications (URLLC) . Some aspects of 5G NR may be based on the 4G Long Term Evolution (LTE) standard. There exists a need for further improvements in 5G NR technology. These improvements may also be applicable to other multi-access technologies and the telecommunication standards that employ these technologies.

BRIEF SUMMARY

The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects. This summary neither identifies key or critical elements of all aspects nor delineates the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.

In some aspects, the techniques described herein relate to an apparatus for an access control service for wireless communication, including: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the access control service to: obtain, at the access control service, information for one or more services in a wireless network with a service-based architecture; and provide, based on the information from the one or more services, an access control configuration for one or more cells.

In some aspects, the techniques described herein relate to a method of wireless communication at an access control service for wireless communication, including: obtaining, at the access control service, information for one or more services in a wireless network with a service-based architecture; and providing, based on the information from the one or more services, an access control configuration for one or more cells.

In some aspects, the techniques described herein relate to an apparatus for wireless communication at an access control service for wireless communication, including: means for obtaining, at the access control service, information for one or more services in a wireless network with a service-based architecture; and means for providing, based on the information from the one or more services, an access control configuration for one or more cells.

In an aspect of the disclosure, a computer-readable storage medium is provided. The computer-readable medium stores computer executable code at an access control service for wireless communication, the code when executed by one or more processors causes the access control service to: obtain, at the access control service, information for one or more services in a wireless network with a service-based architecture; and provide, based on the information from the one or more services, an access control configuration for one or more cells.

In some aspects, the techniques described herein relate to an apparatus for wireless communication at a network node, including: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the network node to: provide information to an access control service in a wireless network; receive an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and provide the access control configuration for at least one user equipment (UE) .

In some aspects, the techniques described herein relate to a method of wireless communication at a network node, including: providing information to an access control service in a wireless network; receiving an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and providing the access control configuration for at least one user equipment (UE) .

In some aspects, the techniques described herein relate to an apparatus for wireless communication at a network node, including: means for providing information to an access control service in a wireless network; means for receiving an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and means for providing the access control configuration for at least one user equipment (UE) .

In an aspect of the disclosure, a computer-readable storage medium is provided. The computer-readable medium stores computer executable code at a network node, the code when executed by one or more processors causes the network node to: provide information to an access control service in a wireless network; receive an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and provide the access control configuration for at least one user equipment (UE) .

In some aspects, the techniques described herein relate to an apparatus for wireless communication at a user equipment (UE) , including: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the UE to: receive an access control configuration from an access control service in a wireless network that has a service-based architecture; and determine whether to access a service of the wireless network based on the access control configuration from the access control service and at least one of incoming traffic or service information.

In some aspects, the techniques described herein relate to a method of wireless communication at a UE, including: receiving an access control configuration from an access control service in a wireless network that has a service-based architecture; and determining whether to access a service of the wireless network based on the access control configuration from the access control service and at least one of incoming traffic or service information.

In some aspects, the techniques described herein relate to an apparatus for wireless communication at a UE, including: means for receiving an access control configuration from an access control service in a wireless network that has a service-based architecture; and means for determining whether to access a service of the wireless network based on the access control configuration from the access control service and at least one of incoming traffic or service information.

In an aspect of the disclosure, a computer-readable storage medium is provided. The computer-readable medium stores computer executable code at a UE, the code when executed by one or more processors causes the UE to: receive an access control configuration from an access control service in a wireless network that has a service-based architecture; and determine whether to access a service of the wireless network based on the access control configuration from the access control service and at least one of incoming traffic or service information.

In some aspects, the techniques described herein relate to an apparatus for a service for wireless communication, including: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the service to: provide information for the service to one or more access control services; and receive an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services.

In some aspects, the techniques described herein relate to a method of wireless communication at a service for wireless communication, including: providing information for the service to one or more access control services; and receiving an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services.

In some aspects, the techniques described herein relate to an apparatus for wireless communication at a service for wireless communication, including: means for providing information for the service to one or more access control services; and means for receiving an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services.

In an aspect of the disclosure, a computer-readable storage medium is provided. The computer-readable medium stores computer executable code at a service for wireless communication, the code when executed by one or more processors causes the service to: provide information for the service to one or more access control services; and receive an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services.

To the accomplishment of the foregoing and related ends, the one or more aspects may include the features hereinafter fully described and particularly pointed out in the claims. The following description and the drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating an example of a wireless communications system and an access network (NW) , in accordance with various aspects of the present disclosure.

FIG. 2 shows a diagram illustrating architecture of an example of a disaggregated base station, in accordance with various aspects of the present disclosure.

FIG. 3A is a diagram illustrating an example of a first subframe within a frame structure, in accordance with various aspects of the present disclosure.

FIG. 3B is a diagram illustrating an example of downlink (DL) channels within a subframe, in accordance with various aspects of the present disclosure.

FIG. 3C is a diagram illustrating an example of a second subframe within a frame structure, in accordance with various aspects of the present disclosure.

FIG. 3D is a diagram illustrating an example of uplink (UL) channels within a subframe, in accordance with various aspects of the present disclosure.

FIG. 4 is a block diagram illustrating an example of a base station in communication with a user equipment (UE) in an access network, in accordance with various aspects of the present disclosure.

FIG. 5A is a diagram illustrating an example function split between a core network and a RAN.

FIG. 5B is a diagram illustrating example aspects of a cloud platform for a wireless network that may include a merger of core network and RAN services, in accordance with various aspects of the present disclosure.

FIG. 6 illustrates an example functional split between the core network and the RAN, in accordance with various aspects of the present disclosure.

FIG. 7A is a diagram showing example protocols at a core network and a radio area network (RAN) .

FIG. 7B is a diagram showing RLC and/or MAC functions and PHY layer aspects separate from the services, in accordance with various aspects of the present disclosure.

FIG. 7C is a diagram that illustrates an example of addressing and routing for packet transport between a service and a UE via the RAN, e.g., including the eDU, in accordance with various aspects of the present disclosure.

FIG. 8A illustrates an example of a centralized access control service in a service-based network architecture for wireless communication, in accordance with various aspects of the present disclosure.

FIG. 8B illustrates an example of input and output for an access control service, in accordance with various aspects of the present disclosure.

FIG. 9 illustrates an example of a distributed access control service in a service-based network architecture for wireless communication, in accordance with various aspects of the present disclosure.

FIG. 10 illustrates an example call flow diagram illustrating an example of access control configurations from a central access control service that may be broadcast as system information, in accordance with various aspects of the present disclosure.

FIG. 11 illustrates an example call flow diagram illustrating an example of access control configurations from a central access control service that may be provided in response to a request, in accordance with various aspects of the present disclosure.

FIG. 12 illustrates an example call flow diagram illustrating an example of access control configurations from a distributed access control service that may be broadcast as system information, in accordance with various aspects of the present disclosure.

FIG. 13 illustrates an example call flow diagram illustrating an example of access control configurations from a distributed access control service that may be provided in response to a request, in accordance with various aspects of the present disclosure.

FIG. 14 is a flowchart of a method of access control configuration at an access control service, in accordance with various aspects of the present disclosure.

FIG. 15 is a flowchart of a method of wireless communication at a network node, in accordance with various aspects of the present disclosure.

FIG. 16 is a flowchart of a method wireless communication at a UE, in accordance with various aspects of the present disclosure.

FIG. 17 is a flowchart of a method of a service in a wireless network, in accordance with various aspects of the present disclosure.

FIG. 18 is a diagram illustrating an example of a hardware implementation for an example apparatus and/or UE, in accordance with various aspects of the present disclosure.

FIG. 19 is a diagram illustrating an example of a hardware implementation for an example network entity, in accordance with various aspects of the present disclosure.

FIG. 20 is a diagram illustrating an example of a hardware implementation for an example access control service, in accordance with various aspects of the present disclosure.

FIG. 21 is a diagram illustrating an example of a hardware implementation for an example service, in accordance with various aspects of the present disclosure.

DETAILED DESCRIPTION

A wireless network may have a service-based architecture that combines core network and radio access network (RAN) node functions. The service-based architecture may be provided on a cloud platform using application programming (API) interface. In contrast to a functional split between a core network and a radio area network (RAN) , the “service-based architecture” may host a combination of core network and radio area network (RAN) services on a cloud platform. A “service” refers to a functionality exposed by a network entity through a service-based interface and consumed by other network entities. The services may provide various functions for the wireless network. Examples of services may include access control services, mobility services, public warning system (PWS) services, vehicle-to-anything (V2X) services, multicast and broadcast services (MBS) services, positioning services, a system information (SI) service, a slice service, a terrestrial network (TN) service, a non-terrestrial network (NTN) service, a standalone non-public network (SNPN) service, a time sensitive network (TSN) service, or an enhanced distributed unit (eDU) , among other examples. The service based architecture enables individual services hosted on the wireless network platform to be adjusted or upgraded independent of other services. In a wireless network without a service-based architecture (e.g., such as an NR wireless system without a service-based architecture) , a unified access control (UAC) framework may be employed. Depending on a network operator’s policy, deployment scenarios, subscriber profiles, and available services, different criterion may be used to determine which access attempts will be allowed or blocked when congestion occurs in the system. In a wireless network that supports a service-based architecture, the access control related mechanisms may be adapted to the service-based architecture and may provide protecting mechanism for the intended service, e.g., if the service suffers from a processing overload. Aspects presented herein provide an access control framework that includes an access control service as one of the services in a service-based architecture. An “access control service, ” as used herein, refers to a service that generates, manages, and provides access control configurations with one or more access control parameters for one or more services of the wireless network. The access control service enables access control configurations based on a more global view of the load at various services.

An “access control configuration” includes one or more parameters that affect access control to a network service, including eDUs. A set of one or more parameters in the access control configuration may be referred to as an “access control profile. ” In some aspects, the parameters may be referred to as “barring parameters, ” as they indicate to UEs the access identities and/or access categories that are allowed to access a service or that are barred (e.g., not permitted) to access the service. The UE may use the access control configuration to determine whether to attempt access to a particular service. The term “attempt access” may refer to the transmission of one or more messages to attempt to establish a connection to a cell, a network node, or to access a service of the network.

As described herein, an access control service may receive access control assistance information from one or more services of the network, and can use the information to generate and provide access control configurations. The access control service enables a more global view of the load at various services and enables the access control service to generate access control configurations that help to protect services, including eDUs, from overloading or that address overloading (e.g., a load above a threshold or a capacity supported by a service) at one or more services. “Access control assistance information” may refer to information that assists the access control service in generating access control configurations. Examples of access control assistance information include a service load status (e.g., a load percentage) , a service priority, a cell load status for one or more cells, a radio resource load status, an associated area, and/or associated timing information. A cell provides network coverage and service to a UE, for example. In some aspects, the access control service may be a centralized service that provides access control configurations for multiple eDUs. The centralized access control service enables access control configurations based on a more global view of load, or other aspects, experienced by various services. In some aspects, the access control service may be a distributed access control service that is co-located with an eDU. This enables an access control service that may be co-located with an eDU, for example.

Although example aspects are described as being performed by an eDU as an example of a network node in a wireless network that transmits and receives signaling with a UE, the network node may also be referred to by other names, such as a base station, a 6G base station, a radio node, a RAN, a RAN node, a 6G RAN, a network entity, or a DU, among others.

The detailed description set forth below in connection with the drawings describes various configurations and does not represent the only configurations in which the concepts described herein may be practiced. The detailed description includes specific details for the purpose of providing a thorough understanding of various concepts. However, these concepts may be practiced without these specific details. In some instances, well known structures and components are shown in block diagram form in order to avoid obscuring such concepts.

Several aspects of telecommunication systems are presented with reference to various apparatus and methods. These apparatus and methods are described in the following detailed description and illustrated in the accompanying drawings by various blocks, components, circuits, processes, algorithms, etc. (collectively referred to as “elements” ) . These elements may be implemented using electronic hardware, computer software, or any combination thereof. Whether such elements are implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system.

By way of example, an element, or any portion of an element, or any combination of elements may be implemented as a “processing system” that includes one or more processors. When multiple processors are implemented, the multiple processors may perform the functions individually or in combination. Examples of processors include microprocessors, microcontrollers, graphics processing units (GPUs) , central processing units (CPUs) , application processors, digital signal processors (DSPs) , reduced instruction set computing (RISC) processors, systems on a chip (SoC) , baseband processors, field programmable gate arrays (FPGAs) , programmable logic devices (PLDs) , state machines, gated logic, discrete hardware circuits, and other suitable hardware configured to perform the various functionality described throughout this disclosure. One or more processors in the processing system may execute software. Software, whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise, shall be construed broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software components, applications, software applications, software packages, routines, subroutines, objects, executables, threads of execution, procedures, functions, or any combination thereof.

Accordingly, in one or more example aspects, implementations, and/or use cases, the functions described may be implemented in hardware, software, or any combination thereof. If implemented in software, the functions may be stored on or encoded as one or more instructions or code on a computer-readable medium. Computer-readable media includes computer storage media. Storage media may be any available media that can be accessed by a computer. By way of example, such computer-readable media can include a random-access memory (RAM) , a read-only memory (ROM) , an electrically erasable programmable ROM (EEPROM) , optical disk storage, magnetic disk storage, other magnetic storage devices, combinations of the types of computer-readable media, or any other medium that can be used to store computer executable code in the form of instructions or data structures that can be accessed by a computer.

While aspects, implementations, and/or use cases are described in this application by illustration to some examples, additional or different aspects, implementations and/or use cases may come about in many different arrangements and scenarios. Aspects, implementations, and/or use cases described herein may be implemented across many differing platform types, devices, systems, shapes, sizes, and packaging arrangements. For example, aspects, implementations, and/or use cases may come about via integrated chip implementations and other non-module-component based devices (e.g., end-user devices, vehicles, communication devices, computing devices, industrial equipment, retail/purchasing devices, medical devices, artificial intelligence (AI) -enabled devices, etc. ) . While some examples may or may not be specifically directed to use cases or applications, a wide assortment of applicability of described examples may occur. Aspects, implementations, and/or use cases may range a spectrum from chip-level or modular components to non-modular, non-chip-level implementations and further to aggregate, distributed, or original equipment manufacturer (OEM) devices or systems incorporating one or more techniques herein. In some practical settings, devices incorporating described aspects and features may also include additional components and features for implementation and practice of claimed and described aspect. For example, transmission and reception of wireless signals necessarily includes a number of components for analog and digital purposes (e.g., hardware components including antenna, RF-chains, power amplifiers, modulators, buffer, processor (s) , interleaver, adders/summers, etc. ) . Techniques described herein may be practiced in a wide variety of devices, chip-level components, systems, distributed arrangements, aggregated or disaggregated components, end-user devices, etc. of varying sizes, shapes, and constitution.

Deployment of communication systems, such as 5G NR systems, may be arranged in multiple manners with various components or constituent parts. In a 5G NR system, or network, a network node, a network entity, a mobility element of a network, a radio access network (RAN) node, a core network node, a network element, or a network equipment, such as a base station (BS) , or one or more units (or one or more components) performing base station functionality, may be implemented in an aggregated or disaggregated architecture. For example, a BS (such as a Node B (NB) , evolved NB (eNB) , NR BS, 5G NB, access point (AP) , a transmission reception point (TRP) , or a cell, etc. ) may be implemented as an aggregated base station (also known as a standalone BS or a monolithic BS) or a disaggregated base station.

An aggregated base station may be configured to utilize a radio protocol stack that is physically or logically integrated within a single RAN node. A disaggregated base station may be configured to utilize a protocol stack that is physically or logically distributed among two or more units (such as one or more central or centralized units (CUs) , one or more distributed units (DUs) , or one or more radio units (RUs) ) . In some aspects, a CU may be implemented within a RAN node, and one or more DUs may be co-located with the CU, or alternatively, may be geographically or virtually distributed throughout one or multiple other RAN nodes. The DUs may be implemented to communicate with one or more RUs. Each of the CU, DU and RU can be implemented as virtual units, i.e., a virtual central unit (VCU) , a virtual distributed unit (VDU) , or a virtual radio unit (VRU) .

Base station operation or network design may consider aggregation characteristics of base station functionality. For example, disaggregated base stations may be utilized in an integrated access backhaul (IAB) network, an open radio access network (O-RAN (such as the network configuration sponsored by the O-RAN Alliance) ) , or a virtualized radio access network (vRAN, also known as a cloud radio access network (C-RAN) ) . Disaggregation may include distributing functionality across two or more units at various physical locations, as well as distributing functionality for at least one unit virtually, which can enable flexibility in network design. The various units of the disaggregated base station, or disaggregated RAN architecture, can be configured for wired or wireless communication with at least one other unit.

FIG. 1 is a diagram illustrating an example of a wireless communications system and an access network 100. The wireless communications system (also referred to as a wireless wide area network (WWAN) ) includes base stations 102, UEs 104, an Evolved Packet Core (e.g., an EPC 160) , and another core network 190 (e.g., a 5G Core (5GC) ) . As presented herein, the wireless communication system may have a merged core network and RAN platform having a service-based architecture on a cloud platform, such as described in connection with any of FIGs. 5B, 6, 7B, 7C, 9, for example.

The radio node, which may be referred to as a base station 102, may include macrocells (high power cellular base station) and/or small cells (low power cellular base station) . The small cells include femtocells, picocells, and microcells.

The base stations 102 configured for 4G LTE (collectively referred to as Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (E-UTRAN) ) may interface with the EPC 160 through first backhaul links 132 (e.g., S1 interface) . The base stations 102 configured for 5G NR (collectively referred to as Next Generation RAN (NG-RAN) ) may interface with core network 190 through second backhaul links 184. The radio nodes configured for 6G, or other service-based architectures, may have an API interface 178 with various services of the core network, such as described in connection with any of FIGs. 5B, 6, 7B, 7C, 9, for example. The service-based architectures may include services, e.g., as represented by service 175 and access control service 173, and applications 177. FIG. 1 illustrates an eDU 171 as an example radio node, although such radio nodes may also be referred to as a DU, a network node, a network entity, or by other names.

In addition to other functions, the base stations 102 may perform one or more of the following functions: transfer of user data, radio channel ciphering and deciphering, integrity protection, header compression, mobility control functions (e.g., handover, dual connectivity) , inter-cell interference coordination, connection setup and release, load balancing, distribution for non-access stratum (NAS) messages, NAS node selection, synchronization, radio access network (RAN) sharing, multimedia broadcast multicast service (MBMS) , subscriber and equipment trace, RAN information management (RIM) , paging, positioning, and delivery of warning messages. The base stations 102 may communicate directly or indirectly (e.g., through the EPC 160 or core network 190) with each other over third backhaul links 134 (e.g., X2 interface) . The first backhaul links 132, the second backhaul links 184, and the third backhaul links 134 may be wired or wireless.

In some aspects, a base station (e.g., one of the base stations 102 or one of base stations 180) may be referred to as a RAN, or a radio node, and may include aggregated or disaggregated components. As an example of a disaggregated RAN, a base station or radio node may include a central unit (CU) (e.g., a CU 106) , one or more DUs (e.g., a DU 105) , and/or one or more remote units (RU) (e.g., an RU 109) , as illustrated in FIG. 1. A RAN may be disaggregated with a split between the RU 109 and an aggregated CU/DU. A RAN may be disaggregated with a split between the CU 106, the DU 105, and the RU 109. A RAN may be disaggregated with a split between the CU 106 and an aggregated DU/RU. The CU 106 and the one or more DUs may be connected via an F1 interface. A DU 105 and an RU 109 may be connected via a fronthaul interface. A connection between the CU 106 and a DU 105 may be referred to as a midhaul, and a connection between a DU 105 and the RU 109 may be referred to as a fronthaul. The connection between the CU 106 and the core network 190 may be referred to as the backhaul.

The RAN may be based on a functional split between various components of the RAN, e.g., between the CU 106, the DU 105, or the RU 109. The CU 106 may be configured to perform one or more aspects of a wireless communication protocol, e.g., handling one or more layers of a protocol stack, and the one or more DUs may be configured to handle other aspects of the wireless communication protocol, e.g., other layers of the protocol stack. In different implementations, the split between the layers handled by the CU and the layers handled by the DU may occur at different layers of a protocol stack. As one, non-limiting example, a DU 105 may provide a logical node to host a radio link control (RLC) layer, a medium access control (MAC) layer, and at least a portion of a physical (PHY) layer based on the functional split. An RU may provide a logical node configured to host at least a portion of the PHY layer and radio frequency (RF) processing. The CU 106 may host higher layer functions, e.g., above the RLC layer, such as a service data adaptation protocol (SDAP) layer, a packet data convergence protocol (PDCP) layer, and/or an upper layer. In other implementations, the split between the layer functions provided by the CU, the DU, or the RU may be different.

A different functional split may be provided for an eDU in a service-based architecture, e.g., as described in connection with FIGs. 5B and 6.

The base stations 102, or radio nodes, may wirelessly communicate with the UEs 104. Each of the base stations 102 may provide communication coverage for a respective geographic coverage area 110. There may be overlapping geographic coverage areas. For example, a small cell may have a coverage area 111 that overlaps the respective geographic coverage area 110 of one or more base stations (e.g., one or more macro base stations, such as the base stations 102) . A network that includes both small cell and macrocells may be known as a heterogeneous network. A heterogeneous network may also include Home Evolved Node Bs (eNBs) (HeNBs) , which may provide service to a restricted group known as a closed subscriber group (CSG) . The communication links 120 between the base stations 102 and the UEs 104 may include uplink (UL) (also referred to as reverse link) transmissions from a UE to a base station and/or downlink (DL) (also referred to as forward link) transmissions from a base station to a UE. The communication links 120 may use multiple-input and multiple-output (MIMO) antenna technology, including spatial multiplexing, beamforming, and/or transmit diversity. The communication links may be through one or more carriers. The base stations 102 /UEs 104 may use spectrum up to Y MHz (e.g., 5, 10, 15, 20, 100, 400, etc. MHz) bandwidth per carrier allocated in a carrier aggregation of up to a total of Yx MHz (x component carriers) used for transmission in each direction. The carriers may or may not be adjacent to each other. Allocation of carriers may be asymmetric with respect to DL and UL (e.g., more or fewer carriers may be allocated for DL than for UL) . The component carriers may include a primary component carrier and one or more secondary component carriers. A primary component carrier may be referred to as a primary cell (PCell) and a secondary component carrier may be referred to as a secondary cell (SCell) .

Certain UEs may communicate with each other using device-to-device (D2D) communication links, such as a D2D communication link 158. The D2D communication link 158 may use the DL/UL WWAN spectrum. The D2D communication link 158 may use one or more sidelink channels, such as a physical sidelink broadcast channel (PSBCH) , a physical sidelink discovery channel (PSDCH) , a physical sidelink shared channel (PSSCH) , and a physical sidelink control channel (PSCCH) . D2D communication may be through a variety of wireless D2D communications systems, such as for example, Bluetooth^TM (Bluetooth is a trademark of the Bluetooth Special Interest Group (SIG) ) , Wi-Fi^TM (Wi-Fi is a trademark of the Wi-Fi Alliance) based on the Institute of Electrical and Electronics Engineers (IEEE) , Wi-Fi based on the IEEE 802.11 standard, LTE, or NR. Some wireless communication networks may include vehicle-based communication devices that can communicate from vehicle-to-vehicle (V2V) , vehicle-to-infrastructure (V2I) (e.g., from the vehicle-based communication device to road infrastructure nodes such as a Road Side Unit (RSU) ) , vehicle-to-network (V2N) (e.g., from the vehicle-based communication device to one or more network nodes, such as a base station) , vehicle-to-pedestrian (V2P) , cellular vehicle-to-everything (C-V2X) , and/or a combination thereof and/or with other devices, which can be collectively referred to as vehicle-to-anything (V2X) communications. Referring again to FIG. 1, in certain aspects, a UE 104, e.g., a transmitting Vehicle User Equipment (VUE) or other UE, may be configured to transmit messages directly to another UE 104. The communication may be based on V2X or other D2D communication, such as Proximity Services (ProSe) , etc.

The wireless communications system may further include a Wi-Fi access point (AP) , such as an AP 150, in communication with Wi-Fi stations (STAs) , such as STAs 152, via communication links 154, e.g., in a 5 GHz unlicensed frequency spectrum or the like. When communicating in an unlicensed frequency spectrum, the STAs 152 /AP 150 may perform a clear channel assessment (CCA) prior to communicating in order to determine whether the channel is available.

The small cell may operate in a licensed and/or an unlicensed frequency spectrum. When operating in an unlicensed frequency spectrum, the small cell may employ NR and use the same unlicensed frequency spectrum (e.g., 5 GHz, or the like) as used by the AP 150. The small cell, employing NR in an unlicensed frequency spectrum, may boost coverage to and/or increase capacity of the access network.

The electromagnetic spectrum is often subdivided, based on frequency/wavelength, into various classes, bands, channels, etc. In 5G NR, two initial operating bands have been identified as frequency range designations FR1 (410 MHz –7.125 GHz) and FR2 (24.25 GHz –52.6 GHz) . Although a portion of FR1 is greater than 6 GHz, FR1 is often referred to (interchangeably) as a “sub-6 GHz” band in various documents and articles. A similar nomenclature issue sometimes occurs with regard to FR2, which is often referred to (interchangeably) as a “millimeter wave” band in documents and articles, despite being different from the extremely high frequency (EHF) band (30 GHz –300 GHz) which is identified by the International Telecommunications Union (ITU) as a “millimeter wave” band.

The frequencies between FR1 and FR2 are often referred to as mid-band frequencies. Recent 5G NR studies have identified an operating band for these mid-band frequencies as frequency range designation FR3 (7.125 GHz –24.25 GHz) . Frequency bands falling within FR3 may inherit FR1 characteristics and/or FR2 characteristics, and thus may effectively extend features of FR1 and/or FR2 into mid-band frequencies. In addition, higher frequency bands are currently being explored to extend 5G NR operation beyond 52.6 GHz. For example, three higher operating bands have been identified as frequency range designations FR2-2 (52.6 GHz –71 GHz) , FR4 (71 GHz –114.25 GHz) , and FR5 (114.25 GHz –300 GHz) . Each of these higher frequency bands falls within the EHF band.

With the above aspects in mind, unless specifically stated otherwise, the term “sub-6 GHz” or the like if used herein may broadly represent frequencies that may be less than 6 GHz, may be within FR1, or may include mid-band frequencies. Further, unless specifically stated otherwise, the term “millimeter wave” or the like if used herein may broadly represent frequencies that may include mid-band frequencies, may be within FR2, FR4, FR2-2, and/or FR5, or may be within the EHF band.

A base station, whether a small cell or a large cell (e.g., a macro base station) , may include and/or be referred to as an eDU, a radio node, a network node, a network entity, an eNB, gNodeB (gNB) , or another type of base station. Some base stations, such as a gNB, may operate in a traditional sub 6 GHz spectrum, in millimeter wave frequencies, and/or near millimeter wave frequencies in communication with the UEs 104. When the gNB operates in millimeter wave or near millimeter wave frequencies, the base stations 180 may be referred to as a millimeter wave base station. A millimeter wave base station may utilize beamforming 182 with the UEs 104 to compensate for the path loss and short range. The base stations 180 and the UEs 104 may each include a plurality of antennas, such as antenna elements, antenna panels, and/or antenna arrays to facilitate the beamforming.

The base stations 180 may transmit a beamformed signal to the UEs 104 in one or more transmit directions 185. The UEs 104 may receive the beamformed signal from the base stations 180 in one or more receive directions 183. The UEs 104 may also transmit a beamformed signal to the base stations 180 in one or more transmit directions (e.g., 183) . The base stations 180 may receive the beamformed signal from the UEs 104 in one or more receive directions (e.g., 185) . The base stations 180 /UEs 104 may perform beam training to determine the best receive and transmit directions for each of the base stations 180 /UEs 104. The transmit and receive directions for the base stations 180 may or may not be the same. The transmit and receive directions for the UEs 104 may or may not be the same.

The EPC 160 may include a Mobility Management Entity (e.g., an MME 162) , other MMEs 164, a Serving Gateway 166, a Multimedia Broadcast Multicast Service (MBMS) Gateway (e.g., a MBMS Gateway 168) , a Broadcast Multicast Service Center (BM-SC) (e.g., a BM-SC 170) , and a Packet Data Network (PDN) Gateway (e.g., a PDN Gateway 172) . The MME 162 may be in communication with a Home Subscriber Server (HSS) (e.g., an HSS 174) . The MME 162 is the control node that processes the signaling between the UEs 104 and the EPC 160. Generally, the MME 162 provides bearer and connection management. All user Internet protocol (IP) packets are transferred through the Serving Gateway 166, which itself is connected to the PDN Gateway 172. The PDN Gateway 172 provides UE IP address allocation as well as other functions. The PDN Gateway 172 and the BM-SC 170 are connected to the IP Services 176. The IP Services 176 may include the Internet, an intranet, an IP Multimedia Subsystem (IMS) , a PS Streaming Service, and/or other IP services. The BM-SC 170 may provide functions for MBMS user service provisioning and delivery. The BM-SC 170 may serve as an entry point for content provider MBMS transmission, may be used to authorize and initiate MBMS Bearer Services within a public land mobile network (PLMN) , and may be used to schedule MBMS transmissions. The MBMS Gateway 168 may be used to distribute MBMS traffic to the base stations 102 belonging to a Multicast Broadcast Single Frequency Network (MBSFN) area broadcasting a particular service, and may be responsible for session management (start/stop) and for collecting eMBMS related charging information.

The core network 190 may include an Access and Mobility Management Function (AMF) (e.g., an AMF 192) , other AMFs 193, a Session Management Function (SMF) 194, and a User Plane Function (UPF) (e.g., a UPF 195) . The AMF 192 may be in communication with a Unified Data Management (UDM) 196. The AMF 192 is the control node that processes the signaling between the UEs 104 and the core network 190. Generally, the AMF 192 provides QoS flow and session management. All user Internet protocol (IP) packets are transferred through the UPF 195. The UPF 195 provides UE IP address allocation as well as other functions. The UPF 195 is connected to the IP Services 197. The IP Services 197 may include the Internet, an intranet, an IP Multimedia Subsystem (IMS) , a Packet Switch (PS) Streaming (PSS) Service, and/or other IP services.

The base stations 102 may include and/or be referred to as a gNB, Node B, eNB, an access point, a base transceiver station, a radio base station, a radio transceiver, a transceiver function, a basic service set (BSS) , an extended service set (ESS) , a transmission reception point (TRP) , network node, network entity, network equipment, eDU, or some other suitable terminology. The base stations 102 can be implemented as an integrated access and backhaul (IAB) node, a relay node, a sidelink node, an aggregated (monolithic) base station with a baseband unit (BBU) (including a CU and a DU) and an RU, or as a disaggregated base station including one or more of a CU, a DU, an eDU, and/or an RU. In some aspects, base stations, which may include disaggregated base stations and/or aggregated base stations, may be referred to as next generation (NG) RAN (NG-RAN) . The base stations 102 provide an access point to a core network, such as the EPC 160, core network 190, and/or services 175 for the UEs 104.

Examples of UEs include a cellular phone, a smart phone, a session initiation protocol (SIP) phone, a laptop, a personal digital assistant (PDA) , a satellite radio, a global positioning system, a multimedia device, a video device, a digital audio player (e.g., MP3 player) , a camera, a game console, a tablet, a smart device, a wearable device, a vehicle, an electric meter, a gas pump, a large or small kitchen appliance, a healthcare device, an implant, a sensor/actuator, a display, or any other similar functioning device. Some of the UEs may be referred to as IoT devices (e.g., parking meter, gas pump, toaster, vehicles, heart monitor, etc. ) . The UEs may also be referred to as a station, a mobile station, a subscriber station, a mobile unit, a subscriber unit, a wireless unit, a remote unit, a mobile device, a wireless device, a wireless communications device, a remote device, a mobile subscriber station, an access terminal, a mobile terminal, a wireless terminal, a remote terminal, a handset, a user agent, a mobile client, a client, or some other suitable terminology. In some scenarios, the term UE may also apply to one or more companion devices such as in a device constellation arrangement. One or more of these devices may collectively access the network and/or individually access the network.

In some aspects, the UE 104 may include an access component 198 configured to cause the UE 104 to receive an access control configuration from an access control service in a wireless network having a service-based architecture and attempt to access a service based on the access control configuration from the access control service and at least one of incoming traffic or intended service information.

A network node, such as a base station 102, 180, a component of a base station, or a radio node (e.g., a CU 106, DU 105, eDU 171, and/or RU 109) may include an access control component 199. In some aspects, the access control component 199 may be configured to cause the network node to provide information to an access control service 173 and receive an access control configuration from the access control service 173 based, at least in part, on the information and additional information from one or more services of a wireless network. The access control component 199 may be configured to cause the network node to provide the access control configuration to at least one UE 104. In some aspects, a service 175 may include an access control component 199 that is configured to cause the service to provide information for the service 175 to one or more access control services 173, and receive an attempt for access to the service from a UE 104 based on an access control configuration from the access control service 173 to which the information was provided.

In some aspects, an access control service 173 may include an access control component 191. In some aspects, the access control component 191 may be configured to cause the access control service 173 to receive information from one or more services (e.g., 175 or eDU 171) in a wireless network having a service-based architecture; and provide, based on the information from the one or more services, an access control configuration for one or more cells provided by a network node. The network node may then provide the access control configuration to one or more UEs 104.

Deployment of communication systems, such as 5G NR systems or other communication systems, may be arranged in multiple manners with various components or constituent parts. In a 5G NR system, or network, a network node, a network entity, a mobility element of a network, a radio access network (RAN) node, a core network node, a network element, or a network equipment, such as a base station (BS) , or one or more units (or one or more components) performing base station functionality, may be implemented in an aggregated or disaggregated architecture. For example, a BS (such as a Node B (NB) , evolved NB (eNB) , NR BS, 5G NB, access point (AP) , a transmission reception point (TRP) , or a cell, etc. ) may be implemented as an aggregated base station (also known as a standalone BS or a monolithic BS) or a disaggregated base station.

As an example, FIG. 2 shows a diagram illustrating architecture of an example of a disaggregated base station 200. The architecture of the disaggregated base station 200 may include one or more CUs (e.g., a CU 210) that can communicate directly with a core network 220 via a backhaul link, or indirectly with the core network 220 through one or more disaggregated base station units (such as a Near-Real Time (Near-RT) RAN Intelligent Controller (RIC) (e.g., a Near-RT RIC 225) via an E2 link, or a Non-Real Time (Non-RT) RIC (e.g., a Non-RT RIC 215) associated with a Service Management and Orchestration (SMO) Framework (e.g., an SMO Framework 205) , or both) . A CU 210 may communicate with one or more DUs (e.g., a DU 230) via respective midhaul links, such as an F1 interface. The DU 230 may communicate with one or more RUs (e.g., an RU 240) via respective fronthaul links. The RU 240 may communicate with respective UEs (e.g., a UE 204) via one or more radio frequency (RF) access links. In some implementations, the UE 204 may be simultaneously served by multiple RUs.

Each of the units, i.e., the CUs (e.g., a CU 210) , the DUs (e.g., a DU 230) , the RUs (e.g., an RU 240) , as well as the Near-RT RICs (e.g., the Near-RT RIC 225) , the Non-RT RICs (e.g., the Non-RT RIC 215) , and the SMO Framework 205, may include one or more interfaces or be coupled to one or more interfaces configured to receive or to transmit signals, data, or information (collectively, signals) via a wired or wireless transmission medium. Each of the units, or an associated processor or controller providing instructions to the communication interfaces of the units, can be configured to communicate with one or more of the other units via the transmission medium. For example, the units can include a wired interface configured to receive or to transmit signals over a wired transmission medium to one or more of the other units. Additionally, the units can include a wireless interface, which may include a receiver, a transmitter, or a transceiver (such as an RF transceiver) , configured to receive or to transmit signals, or both, over a wireless transmission medium to one or more of the other units.

In some aspects, the CU 210 may host one or more higher layer control functions. Such control functions can include radio resource control (RRC) , packet data convergence protocol (PDCP) , service data adaptation protocol (SDAP) , or the like. Each control function can be implemented with an interface configured to communicate signals with other control functions hosted by the CU 210. The CU 210 may be configured to handle user plane functionality (i.e., Central Unit –User Plane (CU-UP) ) , control plane functionality (i.e., Central Unit –Control Plane (CU-CP) ) , or a combination thereof. In some implementations, the CU 210 can be logically split into one or more CU-UP units and one or more CU-CP units. The CU-UP unit can communicate bidirectionally with the CU-CP unit via an interface, such as an E1 interface when implemented in an O-RAN configuration. The CU 210 can be implemented to communicate with the DU 230, as necessary, for network control and signaling.

The DU 230 may correspond to a logical unit that includes one or more base station functions to control the operation of one or more RUs. In some aspects, the DU 230 may host one or more of a radio link control (RLC) layer, a medium access control (MAC) layer, and one or more high physical (PHY) layers (such as modules for forward error correction (FEC) encoding and decoding, scrambling, modulation, demodulation, or the like) depending, at least in part, on a functional split, such as those defined by 3GPP. In some aspects, the DU 230 may further host one or more low PHY layers. Each layer (or module) can be implemented with an interface configured to communicate signals with other layers (and modules) hosted by the DU 230, or with the control functions hosted by the CU 210.

Lower-layer functionality can be implemented by one or more RUs. In some deployments, an RU 240, controlled by a DU 230, may correspond to a logical node that hosts RF processing functions, or low-PHY layer functions (such as performing fast Fourier transform (FFT) , inverse FFT (iFFT) , digital beamforming, physical random access channel (PRACH) extraction and filtering, or the like) , or both, based at least in part on the functional split, such as a lower layer functional split. In such an architecture, the RU 240 can be implemented to handle over the air (OTA) communication with one or more UEs (e.g., the UE 204) . In some implementations, real-time and non-real-time aspects of control and user plane communication with the RU 240 can be controlled by a corresponding DU. In some scenarios, this configuration can enable the DU (s) and the CU 210 to be implemented in a cloud-based RAN architecture, such as a vRAN architecture.

The SMO Framework 205 may be configured to support RAN deployment and provisioning of non-virtualized and virtualized network elements. For non-virtualized network elements, the SMO Framework 205 may be configured to support the deployment of dedicated physical resources for RAN coverage requirements that may be managed via an operations and maintenance interface (such as an O1 interface) . For virtualized network elements, the SMO Framework 205 may be configured to interact with a cloud computing platform (such as an open cloud (O-Cloud) 290) to perform network element life cycle management (such as to instantiate virtualized network elements) via a cloud computing platform interface (such as an O2 interface) . Such virtualized network elements can include, but are not limited to, CUs, DUs, RUs and Near-RT RICs. In some implementations, the SMO Framework 205 can communicate with a hardware aspect of a 4G RAN, such as an open eNB (O-eNB) 211, via an O1 interface. Additionally, in some implementations, the SMO Framework 205 can communicate directly with one or more RUs via an O1 interface. The SMO Framework 205 also may include a Non-RT RIC 215 configured to support functionality of the SMO Framework 205.

The Non-RT RIC 215 may be configured to include a logical function that enables non-real-time control and optimization of RAN elements and resources, artificial intelligence (AI) /machine learning (ML) (AI/ML) workflows including model training and updates, or policy-based guidance of applications/features in the Near-RT RIC 225. The Non-RT RIC 215 may be coupled to or communicate with (such as via an A1 interface) the Near-RT RIC 225. The Near-RT RIC 225 may be configured to include a logical function that enables near-real-time control and optimization of RAN elements and resources via data collection and actions over an interface (such as via an E2 interface) connecting one or more CUs, one or more DUs, or both, as well as an O-eNB, with the Near-RT RIC 225.

In some implementations, to generate AI/ML models to be deployed in the Near-RT RIC 225, the Non-RT RIC 215 may receive parameters or external enrichment information from external servers. Such information may be utilized by the Near-RT RIC 225 and may be received at the SMO Framework 205 or the Non-RT RIC 215 from non-network data sources or from network functions. In some examples, the Non-RT RIC 215 or the Near-RT RIC 225 may be configured to tune RAN behavior or performance. For example, the Non-RT RIC 215 may monitor long-term trends and patterns for performance and employ AI/ML models to perform corrective actions through the SMO Framework 205 (such as reconfiguration via O1) or via creation of RAN management policies (such as A1 policies) .

At least one of the CU 210, the DU 230, and the RU 240 may be referred to as a base station 202. Accordingly, a base station 202 may include one or more of the CU 210, the DU 230, and the RU 240 (each component indicated with dotted lines to signify that each component may or may not be included in the base station 202) . The base station 202 provides an access point to the core network 220 for a UE 204. The communication links between the RUs (e.g., the RU 240) and the UEs (e.g., the UE 204) may include uplink (UL) (also referred to as reverse link) transmissions from a UE 204 to an RU 240 and/or downlink (DL) (also referred to as forward link) transmissions from an RU 240 to a UE 204.

Certain UEs may communicate with each other using D2D communication (e.g., a D2D communication link 258) . The D2D communication link 258 may use the DL/UL WWAN spectrum. The D2D communication link 258 may use one or more sidelink channels. D2D communication may be through a variety of wireless D2D communications systems, such as for example, Bluetooth, Wi-Fi based on the IEEE 802.11 standard, LTE, or NR.

The wireless communications system may further include a Wi-Fi AP 250 in communication with a UE 204 (also referred to as Wi-Fi STAs) via communication link 254, e.g., in a 5 GHz unlicensed frequency spectrum or the like. When communicating in an unlicensed frequency spectrum, the UE 204 /Wi-Fi AP 250 may perform a CCA prior to communicating in order to determine whether the channel is available.

The base station 202 and the UE 204 may each include a plurality of antennas, such as antenna elements, antenna panels, and/or antenna arrays to facilitate beamforming. The base station 202 may transmit a beamformed signal 282 for the UE 204 in one or more transmit directions. The UE 204 may receive the beamformed signal from the base station 202 in one or more receive directions. The UE 204 may also transmit a beamformed signal 284 to the base station 202 in one or more transmit directions. The base station 202 may receive the beamformed signal from the UE 204 in one or more receive directions. The base station 202 /UE 204 may perform beam training to determine the best receive and transmit directions for each of the base station 202 /UE 204. The transmit and receive directions for the base station 202 may or may not be the same. The transmit and receive directions for the UE 204 may or may not be the same.

The core network 220 may include an Access and Mobility Management Function (AMF) (e.g., an AMF 261) , a Session Management Function (SMF) (e.g., an SMF 262) , a User Plane Function (UPF) (e.g., a UPF 263) , a Unified Data Management (UDM) (e.g., a UDM 264) , one or more location servers 268, and other functional entities. The AMF 261 is the control node that processes the signaling between the UEs and the core network 220. The AMF 261 supports registration management, connection management, mobility management, and other functions. The SMF 262 supports session management and other functions. The UPF 263 supports packet routing, packet forwarding, and other functions. The UDM 264 supports the generation of authentication and key agreement (AKA) credentials, user identification handling, access authorization, and subscription management. The one or more location servers 268 are illustrated as including a Gateway Mobile Location Center (GMLC) (e.g., a GMLC 265) and a Location Management Function (LMF) (e.g., an LMF 266) . However, generally, the one or more location servers 268 may include one or more location/positioning servers, which may include one or more of the GMLC 265, the LMF 266, a position determination entity (PDE) , a serving mobile location center (SMLC) , a mobile positioning center (MPC) , or the like. The GMLC 265 and the LMF 266 support UE location services. The GMLC 265 provides an interface for clients/applications (e.g., emergency services) for accessing UE positioning information. The LMF 266 receives measurements and assistance information from the NG-RAN and the UE 204 via the AMF 261 to compute the position of the UE 204. The NG-RAN may utilize one or more positioning methods in order to determine the position of the UE 204. Positioning the UE 204 may involve signal measurements, a position estimate, and an optional velocity computation based on the measurements. The signal measurements may be made by the UE 204 and/or the base station 202 serving the UE 204. The signals measured may be based on one or more of a satellite positioning system (SPS) 270 (e.g., one or more of a Global Navigation Satellite System (GNSS) , global position system (GPS) , non-terrestrial network (NTN) , or other satellite position/location system) , LTE signals, wireless local area network (WLAN) signals, Bluetooth signals, a terrestrial beacon system (TBS) , sensor-based information (e.g., barometric pressure sensor, motion sensor) , NR enhanced cell ID (NR E-CID) methods, NR signals (e.g., multi-round trip time (Multi-RTT) , DL angle-of-departure (DL-AoD) , DL time difference of arrival (DL-TDOA) , UL time difference of arrival (UL-TDOA) , and UL angle-of-arrival (UL-AoA) positioning) , and/or other systems/signals/sensors.

Referring again to FIG. 2, in some aspects, the UE 204, similar for the UE 104 in FIG. 1, may include an access component 198 configured to cause the UE 204 to receive an access control configuration from an access control service in a wireless network having a service-based architecture and attempt to access a service based on the access control configuration from the access control service and at least one of incoming traffic or intended service information.

A network node, such as a base station 202 or a component of a base station (e.g., a CU 210, DU 230, eDU, and/or RU 240) may include an access control component 199. In some aspects, the access control component 199 may be configured to cause the network node to provide information to an access control service 173 and receive an access control configuration from the access control service 173 based, at least in part, on the information and additional information from one or more services of a wireless network. The access control component 199 may be configured to cause the network node to provide the access control configuration to at least one UE 104.

In some aspects, the wireless network may include a service-based architecture, e.g., and may include an access control service 173 that includes an access control component 191. In some aspects, the access control component 191 may be configured to cause the access control service 173 to receive information from one or more services (e.g., 175 or eDU 171) in a wireless network having a service-based architecture; and provide, based on the information from the one or more services, an access control configuration for one or more cells provided by a network node. The network node may then provide the access control configuration to one or more UEs 104.

FIG. 3A is a diagram 300 illustrating an example of a first subframe within a frame structure. The example aspects may be for a 5G NR frame structure in order to illustrate an example radio frame having time and frequency resources. Aspects may also be applied for other wireless communication systems. FIG. 3B is a diagram 330 illustrating an example of DL channels within a subframe. FIG. 3C is a diagram 350 illustrating an example of a second subframe within a frame structure. FIG. 3D is a diagram 380 illustrating an example of UL channels within a subframe. The frame structure may be frequency division duplexed (FDD) in which for a particular set of subcarriers (carrier system bandwidth) , subframes within the set of subcarriers are dedicated for either DL or UL, or may be time division duplexed (TDD) in which for a particular set of subcarriers (carrier system bandwidth) , subframes within the set of subcarriers are dedicated for both DL and UL. In the examples provided by FIGs. 3A, 3C, the frame structure is assumed to be TDD, with subframe 4 being configured with slot format 28 (with mostly DL) , where D is DL, U is UL, and F is flexible for use between DL/UL, and subframe 3 being configured with slot format 1 (with all UL) . While subframes 3, 4 are shown with slot formats 1, 28, respectively, any particular subframe may be configured with any of the various available slot formats 0-61. Slot formats 0, 1 are all DL, UL, respectively. Other slot formats 2-61 include a mix of DL, UL, and flexible symbols. UEs are configured with the slot format (dynamically through DL control information (DCI) , or semi-statically/statically through radio resource control (RRC) signaling) through a received slot format indicator (SFI) . Note that the description infra applies also to a 5G NR frame structure that is TDD.

FIGs. 3A-3D illustrate a frame structure, and the aspects of the present disclosure may be applicable to other wireless communication technologies, which may have a different frame structure and/or different channels. A frame (10 ms) may be divided into 10 equally sized subframes (1 ms) . Each subframe may include one or more time slots. Subframes may also include mini-slots, which may include 7, 4, or 2 symbols. Each slot may include 14 or 12 symbols, depending on whether the cyclic prefix (CP) is normal or extended. For normal CP, each slot may include 14 symbols, and for extended CP, each slot may include 12 symbols. The symbols on DL may be CP orthogonal frequency division multiplexing (OFDM) (CP-OFDM) symbols. The symbols on UL may be CP-OFDM symbols (for high throughput scenarios) or discrete Fourier transform (DFT) spread OFDM (DFT-s-OFDM) symbols (for power limited scenarios; limited to a single stream transmission) . The number of slots within a subframe is based on the CP and the numerology. The numerology defines the subcarrier spacing (SCS) (see Table 1) . The symbol length/duration may scale with 1/SCS.

Table 1: Numerology, SCS, and CP

For normal CP (14 symbols/slot) , different numerologies μ 0 to 4 allow for 1, 2, 4, 8, and 16 slots, respectively, per subframe. For extended CP, the numerology 2 allows for 4 slots per subframe. Accordingly, for normal CP and numerology μ, there are 14 symbols/slot and 2^μ slots/subframe. As shown in Table 1, the subcarrier spacing may be equal to 2^μ*15 kHz, where μ is the numerology 0 to 4. As such, the numerology μ=0 has a subcarrier spacing of 15 kHz and the numerology μ=4 has a subcarrier spacing of 240 kHz. The symbol length/duration is inversely related to the subcarrier spacing. FIGs. 3A-3D provide an example of normal CP with 14 symbols per slot and numerology μ=2 with 4 slots per subframe. The slot duration is 0.25 ms, the subcarrier spacing is 60 kHz, and the symbol duration is approximately 16.67 μs. Within a set of frames, there may be one or more different bandwidth parts (BWPs) (see FIG. 3B) that are frequency division multiplexed. Each BWP may have a particular numerology and CP (normal or extended) .

A resource grid may be used to represent the frame structure. Each time slot includes a resource block (RB) (also referred to as physical RBs (PRBs) ) that extends 12 consecutive subcarriers. The resource grid is divided into multiple resource elements (REs) . The number of bits carried by each RE depends on the modulation scheme.

As illustrated in FIG. 3A, some of the REs carry reference (pilot) signals (RS) for the UE. The RS may include demodulation RS (DM-RS) (indicated as R for one particular configuration, but other DM-RS configurations are possible) and channel state information reference signals (CSI-RS) for channel estimation at the UE. The RS may also include beam measurement RS (BRS) , beam refinement RS (BRRS) , and phase tracking RS (PT-RS) .

FIG. 3B illustrates an example of various DL channels within a subframe of a frame. The physical downlink control channel (PDCCH) carries DCI within one or more control channel elements (CCEs) (e.g., 1, 2, 4, 8, or 16 CCEs) , each CCE including six RE groups (REGs) , each REG including 12 consecutive REs in an OFDM symbol of an RB. A PDCCH within one BWP may be referred to as a control resource set (CORESET) . A UE is configured to monitor PDCCH candidates in a PDCCH search space (e.g., common search space, UE-specific search space) during PDCCH monitoring occasions on the CORESET, where the PDCCH candidates have different DCI formats and different aggregation levels. Additional BWPs may be located at greater and/or lower frequencies across the channel bandwidth. A primary synchronization signal (PSS) may be within symbol 2 of particular subframes of a frame. The PSS is used by a UE, such as one of the UEs 104 of FIG. 1 and/or the UE 204 of FIG. 2, to determine subframe/symbol timing and a physical layer identity. A secondary synchronization signal (SSS) may be within symbol 4 of particular subframes of a frame. The SSS is used by a UE to determine a physical layer cell identity group number and radio frame timing. Based on the physical layer identity and the physical layer cell identity group number, the UE can determine a physical cell identifier (PCI) . Based on the PCI, the UE can determine the locations of the DM-RS. The physical broadcast channel (PBCH) , which carries a master information block (MIB) , may be logically grouped with the PSS and SSS to form a synchronization signal (SS) /PBCH block (also referred to as SS block (SSB) ) . The MIB provides a number of RBs in the system bandwidth and a system frame number (SFN) . The physical downlink shared channel (PDSCH) carries user data, broadcast system information not transmitted through the PBCH such as system information blocks (SIBs) , and paging messages. As presented herein, a UE may request SI/SIB (s) associated with an SI service, and may receive the SI/SIB (s) in response to the request. In some aspects, a minimum SI may be provided to enable UEs to request particular SI/SIB (s) , e.g., as described in more detail in connection with FIGs. 9 and 12-16.

As illustrated in FIG. 3C, some of the REs carry DM-RS (indicated as R for one particular configuration, but other DM-RS configurations are possible) for channel estimation at the base station. The UE may transmit DM-RS for the physical uplink control channel (PUCCH) and DM-RS for the physical uplink shared channel (PUSCH) . The PUSCH DM-RS may be transmitted in the first one or two symbols of the PUSCH. The PUCCH DM-RS may be transmitted in different configurations depending on whether short or long PUCCHs are transmitted and depending on the particular PUCCH format used. The UE may transmit sounding reference signals (SRS) . The SRS may be transmitted in the last symbol of a subframe. The SRS may have a comb structure, and a UE may transmit SRS on one of the combs. The SRS may be used by a base station for channel quality estimation to enable frequency-dependent scheduling on the UL.

FIG. 3D illustrates an example of various UL channels within a subframe of a frame. The PUCCH may be located as indicated in one configuration. The PUCCH carries uplink control information (UCI) , such as scheduling requests, a channel quality indicator (CQI) , a precoding matrix indicator (PMI) , a rank indicator (RI) , and hybrid automatic repeat request (HARQ) acknowledgment (ACK) (HARQ-ACK) feedback (i.e., one or more HARQ ACK bits indicating one or more ACK and/or negative ACK (NACK) ) . The PUSCH carries data, and may additionally be used to carry a buffer status report (BSR) , a power headroom report (PHR) , and/or UCI.

FIG. 4 is a block diagram that illustrates an example of a first wireless device that is configured to exchange wireless communication with a second wireless device. In the illustrated example of FIG. 4, the first wireless device may include a network node, which may be referred to as a radio node, DU, eDU, or base station 410. The second wireless device may include a UE 450, and the base station 410 may be in communication with the UE 450 in an access network. As shown in FIG. 4, the base station 410 may include a transmit processor (TX processor 416) , a transmitter 418Tx, a receiver 418Rx, antennas 420, a receive processor (RX processor 470) , a channel estimator 474, a controller/processor 475, and at least one memory 476 (e.g., one or more memories) . The example UE 450 includes antennas 452, a transmitter 454Tx, a receiver 454Rx, an RX processor 456, a channel estimator 458, a controller/processor 459, at least one memory 460 (e.g., one or more memories) , and a TX processor 468. In other examples, the base station 410 and/or the UE 450 may include additional or alternative components.

In the DL, Internet protocol (IP) packets may be provided to the controller/processor 475. The controller/processor 475 implements layer 3 and layer 2 functionality. Layer 3 includes a radio resource control (RRC) layer, and layer 2 includes a service data adaptation protocol (SDAP) layer, a packet data convergence protocol (PDCP) layer, a radio link control (RLC) layer, and a medium access control (MAC) layer. The controller/processor 475 provides RRC layer functionality associated with broadcasting of system information (e.g., MIB, SIBs) , RRC connection control (e.g., RRC connection paging, RRC connection establishment, RRC connection modification, and RRC connection release) , inter radio access technology (RAT) mobility, and measurement configuration for UE measurement reporting; PDCP layer functionality associated with header compression /decompression, security (ciphering, deciphering, integrity protection, integrity verification) , and handover support functions; RLC layer functionality associated with the transfer of upper layer packet data units (PDUs) , error correction through ARQ, concatenation, segmentation, and reassembly of RLC service data units (SDUs) , re-segmentation of RLC data PDUs, and reordering of RLC data PDUs; and MAC layer functionality associated with mapping between logical channels and transport channels, multiplexing of MAC SDUs onto transport blocks (TBs) , demultiplexing of MAC SDUs from TBs, scheduling information reporting, error correction through HARQ, priority handling, and logical channel prioritization.

The TX processor 416 and the RX processor 470 implement layer 1 functionality associated with various signal processing functions. Layer 1, which includes a physical (PHY) layer, may include error detection on the transport channels, forward error correction (FEC) coding/decoding of the transport channels, interleaving, rate matching, mapping onto physical channels, modulation/demodulation of physical channels, and MIMO antenna processing. The TX processor 416 handles mapping to signal constellations based on various modulation schemes (e.g., binary phase-shift keying (BPSK) , quadrature phase-shift keying (QPSK) , M-phase-shift keying (M-PSK) , M-quadrature amplitude modulation (M-QAM) ) . The coded and modulated symbols may then be split into parallel streams. Each stream may then be mapped to an OFDM subcarrier, multiplexed with a reference signal (e.g., pilot) in the time and/or frequency domain, and then combined together using an Inverse Fast Fourier Transform (IFFT) to produce a physical channel carrying a time domain OFDM symbol stream. The OFDM stream is spatially precoded to produce multiple spatial streams. Channel estimates from the channel estimator 474 may be used to determine the coding and modulation scheme, as well as for spatial processing. The channel estimate may be derived from a reference signal and/or channel condition feedback transmitted by the UE 450. Each spatial stream may then be provided to a different antenna of the antennas 420 via a separate transmitter (e.g., the transmitter 418Tx) . Each transmitter 418Tx may modulate a radio frequency (RF) carrier with a respective spatial stream for transmission.

At the UE 450, each receiver 454Rx receives a signal through its respective antenna of the antennas 452. Each receiver 454Rx recovers information modulated onto an RF carrier and provides the information to the RX processor 456. The TX processor 468 and the RX processor 456 implement layer 1 functionality associated with various signal processing functions. The RX processor 456 may perform spatial processing on the information to recover any spatial streams destined for the UE 450. If multiple spatial streams are destined for the UE 450, two or more of the multiple spatial streams may be combined by the RX processor 456 into a single OFDM symbol stream. The RX processor 456 then converts the OFDM symbol stream from the time domain to the frequency domain using a Fast Fourier Transform (FFT) . The frequency domain signal includes a separate OFDM symbol stream for each subcarrier of the OFDM signal. The symbols on each subcarrier, and the reference signal, are recovered and demodulated by determining the most likely signal constellation points transmitted by the base station 410. These soft decisions may be based on channel estimates computed by the channel estimator 458. The soft decisions are then decoded and deinterleaved to recover the data and control signals that were originally transmitted by the base station 410 on the physical channel. The data and control signals are then provided to the controller/processor 459, which implements layer 3 and layer 2 functionality.

The controller/processor 459 can be associated with the at least one memory 460 that stores program codes and data. The at least one memory 460 may be referred to as a computer-readable medium. In the UL, the controller/processor 459 provides demultiplexing between transport and logical channels, packet reassembly, deciphering, header decompression, and control signal processing to recover IP packets. The controller/processor 459 is also responsible for error detection using an ACK and/or NACK protocol to support HARQ operations.

Similar to the functionality described in connection with the DL transmission by the base station 410, the controller/processor 459 provides RRC layer functionality associated with system information (e.g., MIB, SIBs) acquisition, RRC connections, and measurement reporting; PDCP layer functionality associated with header compression /decompression, and security (ciphering, deciphering, integrity protection, integrity verification) ; RLC layer functionality associated with the transfer of upper layer PDUs, error correction through ARQ, concatenation, segmentation, and reassembly of RLC SDUs, re-segmentation of RLC data PDUs, and reordering of RLC data PDUs; and MAC layer functionality associated with mapping between logical channels and transport channels, multiplexing of MAC SDUs onto TBs, demultiplexing of MAC SDUs from TBs, scheduling information reporting, error correction through HARQ, priority handling, and logical channel prioritization.

Channel estimates derived by the channel estimator 458 from a reference signal or feedback transmitted by the base station 410 may be used by the TX processor 468 to select the appropriate coding and modulation schemes, and to facilitate spatial processing. The spatial streams generated by the TX processor 468 may be provided to different antenna of the antennas 452 via separate transmitters (e.g., the transmitter 454Tx) . Each transmitter 454Tx may modulate an RF carrier with a respective spatial stream for transmission.

The UL transmission is processed at the base station 410 in a manner similar to that described in connection with the receiver function at the UE 450. Each receiver 418Rx receives a signal through its respective antenna of the antennas 420. Each receiver 418Rx recovers information modulated onto an RF carrier and provides the information to the RX processor 470.

The controller/processor 475 can be associated with the at least one memory 476 that stores program codes and data. The at least one memory 476 may be referred to as a computer-readable medium. In the UL, the controller/processor 475 provides demultiplexing between transport and logical channels, packet reassembly, deciphering, header decompression, control signal processing to recover IP packets. The controller/processor 475 is also responsible for error detection using an ACK and/or NACK protocol to support HARQ operations.

At least one of the TX processor 468, the RX processor 456, and the controller/processor 459 may be configured to perform aspects in connection with the access component 198 of FIG. 1.

At least one of the TX processor 416, the RX processor 470, and the controller/processor 475 may be configured to perform aspects in connection with the access control component 199 of FIG. 1.

Some wireless communication systems may include a service-based architecture, and may include a system information service (which may be referred to as an SI service) for a system information operation. Aspects presented herein provide a system information (SI) acquisition procedure for a service-based architecture.

FIG. 5A is a diagram 500 illustrating an example function split between a core network 530 and a RAN 540. FIGs. 1 and 2 illustrate various example aspects of a core network (e.g., EPC 160, core network 190, 220) , and FIG. 1 illustrates an example of a base station 102/180 as a RAN. FIG. 5A shows the UPF 595, SMF 594, and AMF 592 as part of the core network 530. FIG. 5A shows the CU-UP 502 (e.g., that provides user plane functionality) , the CU-CP 504 (e.g., that provides control plane functionality) , and the DU 506 provided as part of the RAN 540. The CU-CP and/or CU-UP may include aspects described for the CU 106 and/or 210 in FIG. 2. The DU 506 may include aspects described for the DU 105 in FIG. 1 or the DU 230 in FIG. 2. Aspects of the core network/RAN hierarchy in FIG. 5A may be employed, e.g., in 3G, 4G, and/or 5G wireless networks, as an example. The functional split in FIG. 5A may help to maintain performance and security of a wireless network and accessibility of on-site equipment. FIG. 5A illustrates that some aspects of the core network 530 may include a cloud platform 508, and some aspects of the RAN 540 may include a cloud platform 510. A cloud platform provides a framework for an operating system that uses computing resources in a web-based data center over the internet. In some aspects, the cloud platform may be a cloud-native platform, for example. A cloud platform may refer to an operating system and hardware of one or more servers in an internet-based data center.

FIG. 5B is a diagram 525 illustrating example aspects of a cloud platform (e.g., as shown at 526) for a wireless network that may include a merger (or combined functionality) of core network and RAN services. The merged or combined functionality may also be referred to herein as “converged” as functionality of a core network and RAN are combined or merged in various services. The platform may also be referred to herein as a merged core/RAN platform 550, for example. The combination of the functions between the core network and the RAN may simplify protocols and reduce duplication across the core network and RAN. FIG. 5B illustrates that services (which may include merged services that combine core network and RAN functionality) can be hosted in the wireless network based on a deployment topology and/or capabilities for each service’s requirements. FIG. 5B illustrates multiple services 512, 514, and 516; multiple applications 520 and 522; and an eDU 524 as part of the merged Core/RAN platform 550. The platform enables each service 512 to be updated independently of the other services. The services provide various functions for the wireless network. Examples of services may include access control services, mobility services, PWS services, V2X services, MBS services, and positioning services, among other examples. The platform may use an API interface 517, for example.

FIG. 6 is a diagram 600 showing a converged service-based core network and RAN and shows that various functions performed by the core network (e.g., AMF 692) and the RAN (e.g., CU-CP 602 and/or the DU 604) can be distributed across the service-based platform described in connection with FIG. 5B. The system may be referred herein to as converged because at least some functions of the core network and the RAN are combined in one or more of the services. FIG. 6 illustrates an example functional split 610 between the core network (e.g., 692) and the RAN (e.g., 602 and 604) . As illustrated by the arrows, various aspects of the inter-DU functions 606 that are performed by the AMF 692 and/or the CU-CP 602 can be performed by different services 612 and 614 in the service-based architecture. FIG. 6 illustrates that intra-DU functions 608 performed by the CU-CP 602 and/or the DU 604 can be performed by the eDU 624 (as an example of a network node or radio node) using the cloud based architecture 626. FIG. 6 also illustrates that the service-based architecture may include one or more applications 620 and 622.

The converged service-based core network and RAN may include a single cloud platform to host application (s) , and the core network and RAN services, for example. The architecture can extend a service-based architecture to the RAN. The architecture may enable a cloud based system, e.g., which can provide scalability, elasticity, resilience, reuse, agility, visibility, automation, and/or protection in case of failure, among other benefits. Each service (e.g., 512 or 612) can be scaled independently, and resources can be increased or decreased for individual services.

The functional split (e.g., as shown at 610) for the core network and RAN can be adjusted in order to leverage cloud deployments (e.g., in comparison to an appliance centered architecture) . Such cloud platforms enable a redistribution of services or functions of the core network and RAN, and enables applications to share the common platform. The cloud based architecture enables real-time link management to the RAN edge. Adaptation at the DU, e.g., eDU or radio node, enables more efficient activation/deactivation/selection of features based on the intended user experience.

FIG. 7A illustrates an example of monolithic protocols that may be used in connection with a core network (e.g., non-access stratum (NAS) ) and a RAN (e.g., RRC) , e.g., in a network that does not have a service-based architecture. A single control plane protocol may be provided for all control plane functions. FIG. 7A illustrates that the protocols may include a physical layer protocol 702, a medium access control (MAC) protocol 704, a radio link control (RLC) protocol 706, a packet data convergence protocol (PDCP) 708, a radio resource control (RRC) protocol 710, and a NAS protocol 712, an IP protocol 711, a service data adaptation protocol (SDAP) 709.

The configuration aspects (e.g., RRC configuration) and activation/deactivation aspects (e.g., MAC layer aspects) for performance sensitive features can be decoupled from a service-based architecture. For example, package duplication may be configured by RRC, and may be activated and deactivated by MAC-CE. FIG. 7B is a diagram 700 showing L2 functions 703 (e.g., RLC and/or MAC functions) and PHY layer aspects 701 separate from the services 713, 714, and 716, e.g., for a service-based architecture such as in FIG. 5B or 6. Protocols may be specialized per service, and may be individually updated. The architecture enables adaptation across different verticals (e.g., services 713, 714, or 716) and deployment types (e.g., deployments of wireless networks) . Different providers or hosts may provide different services. The model in FIG. 7B may include separate layers for NAS and access stratum (AS) , for example.

FIG. 7C is a diagram 725 that illustrates an example of addressing and routing for packet transport between a service 713 and a UE 724 via the RAN, e.g., including the eDU 722. Although the eDU is illustrated as an example of a radio node, the radio node may also be referred to by other names, such as a network node, a network entity, or a network equipment, among other examples. The aspects may be applied for a service-based architecture that includes aspects described in connection with FIG. 5B, 6, or 7B, for example. FIG. 7C illustrates an example of direct communication between the UE and a service of the wireless network. The UE 724 discovers the service routing information, e.g., which may include a uniform resource identifier (URI) , or a port, among other examples. The UE labels packets to the service with the service address, which may include or be based on an IP address. The packets are provided to the service via an end-to-end routing layer from the UE 724 to the network service 713, e.g., with binding to access stratum (AS) resources on the uplink (e.g., at the UE) and downlink (e.g., at the eDU) , e.g., with a configured bearer in an AS layer for the packet. For example, the eDU, or the eDU in combination with other network entities, may function as a router to provide the packets between the UE and the service. The addressing of the packets enables transparent routing at the eDU 722, e.g., the service protocol layer may be transparent to the eDU 722. Similarly, when sending packets to the UE 724, the service 713 labels the packets with the UE address (e.g., an IP address for the UE) .

In a wireless network without a service-based architecture (e.g., such as an NR wireless system without a service-based architecture) , a unified access control (UAC) framework may be employed. Depending on a network operator’s policy, deployment scenarios, subscriber profiles, and available services, different criterion may be used to determine which access attempts will be allowed or blocked when congestion occurs in the system. As an example, the different criteria for access control may be associated with access identifies and/or access categories. An access identity may correspond to a class of UE (e.g., such as a priority UE, a mission critical UE, or a regular (or non-priority) UE, among other examples) . An access identity may correspond to the service for which the access is attempted (e.g., a mobile originated (MO) service or a mobile terminated (MT) service, among other examples) . The wireless network may provide a single, unified access control, enabling operators to control access based on the access categories and access identities. In some aspects, a RAN (e.g., a base station) may broadcast barring control information (e.g., which may be referred to as a unified access control configuration or a UAC configuration) with a list of barring parameters associated with access categories and access identities. The UAC configuration may be generated by the RAN or a core network entity, such as the OAM. The UAC configuration may be generated based on a current cell load and may be applicable for the corresponding cell (e.g., only applicable to the corresponding cell) . As an example, a base station may broadcast barring control information in SIB1. In examples with network sharing, the barring control information can be set individually for each PLMN. Each access attempt by a UE can be categorized into one or more of the access identities (e.g., UE class of the UE attempting the access) or access categories (e.g., service class of the service for which access is attempted) . Based on the access control information applicable (e.g., barring information received in SIB1) for the access identity and access category of the access attempt, a UE may perform access control by determining whether or not to perform the access attempt. For example, the UE may compare the received barring parameters to see whether the UE’s access identity (e.g., UE class) or the access category (e.g., service class that the UE would attempt to access) are indicated as barred by the barring parameters broadcast by the base station. A non-access spectrum (NAS) procedure may be used to determine access identity and access category. An RRC procedure may be used for access checking, e.g., for attempting access. In some aspects, a UAC trigger may include an RRC idle state, an RRC connected state, or an RRC inactive state. As an example, an operating mode of the network may be a standalone non-public network (SNPN) or a non-SNPN mode.

In a wireless network that supports a service-based architecture (e.g., as described in connection with FIGs. 5B, 6, and 7B) , the access control related mechanisms may be adapted to the service-based architecture and may provide protecting mechanism for the intended service, e.g., if the service suffers from a processing overload. Aspects presented herein address the generation and management of an access control configuration in a wireless network with a service-based architecture, where the access control configuration prevents UE access if the intended network node (e.g. the intended Service or RAN node) is overloaded. Aspects presented herein address the network entity that generates and manages access control configuration and provides mechanisms for the UE to obtain the access control configuration.

For example, aspects presented herein provide access control mechanisms for wireless networks with a service-based architecture. The access control configuration may be generated based on load input from other services. In some aspects, the services may include eDUs. For example, the services may include eDUs and other non-eDU services. An access control service may be introduced for providing a more global perspective for access control configuration.

The access control configurations can be delivered to UE via a user plane, in some aspects. The access control configuration may be configured for one or more purposes. As an example, the access control configuration may be configured for eDU load control (e.g., to control the load experienced at an eDU due to access granted to UEs served by the eDU) . The access control configuration may be configured to protect the eDU from overload or may be configured to protect the eDU when the eDU experiences an overload. A UE may check the access control configuration to determine whether an access attempt by the UE is allowed to establish a connection with eDU based on the incoming traffic.

As another example, the access control configuration may be configured for service load control (e.g., services other than an eDU) . A UE may check the access control configuration to determine whether an access attempt to the intended service is allowed based on the information about the intended service. For example, a UE may determine whether the UE is allowed to establish a connection with the eDU for the access attempt to the intended service based on the access control configuration and intended service information.

As described herein, for a service-based and/or converged network architecture, an access control service can be provided to generate and manage access control configurations. In some aspects, the access control service may be a centralized access control service. FIG. 8A and FIG. 9 illustrate examples of a centralized access control service. In some aspects, distributed access control services may be provided in the network. FIG. 10 illustrates an example of distributed access control services. The access control service 814 in FIG. 8A is a diagram 800 showing a central access control service, because the access control service 814 provides access control configurations to multiple eDUs, e.g., is central to multiple eDUs, whereas the distributed access control service illustrated in FIG. 9 may be co-located with an eDU. The eDU 802 may serve UE 804, and the eDU 803 may serve the UE 805.

As input, the access control service may receive information from the other services, including eDU (s) . FIG. 8B is a diagram 850 illustrating an access control service 814 receiving input from other network nodes (e.g., from eDU (s) 802 and 803 and other services (e.g., service X 812 and service Y 816) , e.g., via an API 817. As non-limiting examples of services, FIG. 8A illustrates service X 812 as a slice service, and service Y as an SNPN or a time sensitive network (TSN) . The wireless network may include various types of services, and the examples of a slice service and an SNPN/TSN service are used merely to illustrate the concept.

In some aspects, one or more eDUs (e.g., 802 and/or 803) may provide information (such as loading information) to the access control service 814. The dashed lines 822 and 824 show the eDUs 802 and 803 providing such information to the access control service 814 (e.g., to a central access control service) . As an example, an eDU may provide loading information for a cell, e.g., an individual cell, provided by the eDU to the access control service 814. In some aspects, the eDU may provide, to the access control service 814, loading information for multiple cells provided by the eDU. FIG. 8A also shows dashed lines 826 and 828 representing information that service X 812 and service Y 816 (e.g., which may be referred to as non-DU services or other services) provide to the access control service 814. In some aspects, the other services (e.g., 812 or 816) may provide information that is cell specific. The access control service 814 generates the access control configuration, e.g., based at least in part on the information received from the eDU (s) and/or other services. As output, the access control service 814 can provide an access control configuration for one or more UEs (e.g., UE 804 and/or 805) , and the access control configuration can be delivered to the UE over the user plane, in some aspects. For example, as output, the access control configurations may be provided to a UE using either system information (SI) transmitted by an eDU or may be provided based on (e.g., in response to) a request from the UE. In some aspects, a request for the access control configuration may be referred to as an access control configuration query. An access control configuration provided by the access control service 814 may be applicable to a certain area (e.g., a set of one or more cells) . For example, and eDU may provide a single cell or multiple cells. Table 2 illustrates an example of access control configurations that the access control service 814 may provide to the eDU 802 and/or eDU 803.

Table 2

Various types of network architectures may support an access control service. For example, in some aspects, the wireless network may have a centralized access control service. In other aspects, the wireless network may have distributed access control services. FIG. 8A illustrates an example of wireless network having a centralized architecture, e.g., a centralized access control service (e.g., 814) that provides access control configurations for multiple eDUs. As an example, a standalone network node may implement the access control service 814. The access control service 814 generates and manages access control configuration taking into account the input from other services and eDUs. The access control service 814 may have a more global view of the load situation at various network nodes, and can be able to provide regional access control configurations (e.g., access control configurations across multiple eDUs) .

In some aspects, a service (or multiple services) may experience a processing overload situation (e.g., in which the processing load of the service exceeds a threshold or exceeds a capacity supported by the service) , and the service may not have enough processing capability to process a current load at the service. As shown in FIG. 8A, the services (as shown by the examples for service X 812 and service Y 816) can provide input information to the access control service 814. The input information could include, for example, a service load status (e.g., a load percentage) , service priority, area scope, and/or a time scope. For example, the service X 812 may provide a service load status, or current load percentage to the access control service 814. Additionally, or alternatively, the service X 812 may provide a service priority. In some aspects, a service priority may be indicated as a level, e.g., a high priority, a medium priority, and/or a low priority. In some aspects, the priority may be indicated as priority 1, 2, 3, or 4, for example. Additionally, or alternatively, the service X 812 may indicate an area associated with the information that is provided. For example, the service load status may be associated with one or more cells or may be associated with a geographic area. Additionally, or alternatively, the service X 812 may indicate a time period associated with the service information. For example, the time period may include a time range associated with the service load information. As an example, a service may indicate that the service load information is applicable within the indicated time range. One or more eDUs can also provide input information to the access control service 814. The input information may an eDU may include a cell load status for one or more cells, a radio resource load status, an area scope, and/or a time scope. As described for the service information from the other services, the eDU may indicate an area (e.g., a cell or a geographic area) for which the cell load status/radio resource load status is application. Additionally, or alternatively, the eDU may indicate a time or a time period, or a time range associated with the cell load status/radio resource load status provided to the access control service 814.

In some aspects, the wireless network may have a distributed access control service architecture. FIG. 9 illustrates an example of distributed access control services (e.g., access control services (906 and 907) . In a distributed network, an access control service (e.g., 906 or 907) can be co-located with a corresponding eDU. In some aspects, the eDU may implement the access control functionality. For example, the access control service at the respective eDU may generate and manage the access control configuration based on the input from the services 912, 914, and/or 916 and based on local cell load situation. This may enable fewer services to be deployed, and may allow the eDU to determine the services from which the eDU (or the access control service at the eDU) will receive the access control information. FIG. 9 illustrates an example 900 of an access control service 906 that is co-located with the eDU 902, and an access control service 907 that is co-located with the eDU 903. As shown at 922, the eDU 902 (and the corresponding access control service 906) may receive information from the service X (e.g., 912) . In some aspects, the eDU 902 may also receive information from one or more of the services 914 or 916.

In some aspects, a distributed access control service may be referred to as an access control function that is co-located with the eDU, and the access control configuration may be generated by the eDU. For example, the eDU can access other services (e.g., services 912, 914, and/or 916) via an API 917, and the other services can provide assistance information to the access control service (e.g., 906 or 907) at the eDU (e.g., 902 or 903) . The assistance information may include, for example, a service load status (e.g., a load percentage) or a service priority. One or more of the services may experience a processing overload situation, e.g., as described above, and the service may not have enough processing capability to meet a current load. The eDU (e.g., the access control service at the eDU) can generate or adjust an access control configuration based on the input assistance information from the other services and a local load situation at the eDU.

FIGs. 10-13 illustrate various examples of access control configuration acquisition.

FIG. 10 illustrates an example communication diagram 1000 for access control configurations from a central access control service (e.g., 1010) that may be broadcast as system information. As shown at 1020, 1022, 1028, and 1030, the access control service 1010 may receive service information from one or more services. The services may include one or more eDU, such as eDU 1006 and/or eDU 1008. The information may correspond to the input described in connection with FIG. 8B. The information from the service X 1012 and/or the service Y 1014 may include a service load status (e.g., a load percentage) , service priority, associated area, and/or associated timing information. The information from the eDU 1006 and/or 1008 may include a cell load status for one or more cells, a radio resource load status, an area information, and/or associated timing information. In some aspects, the access control service 1010 may provide a query (or request) for the information. FIG. 10 illustrates the access control service 1010 providing queries 1016, 1018, 1024, and 1026 to the various services, and shows that the service information 1020, 1022, 1028, and 1030 may be provided by the various services to the access control service 1010 in response to a respective query (e.g., of 1016, 1018, 1024, and 1030) .

The access control service 1010 may generate one or more access control configurations, at 1032, based on the received service information. The access control configuration (s) may correspond to the output illustrated in FIG. 8B. For example, the access control service 1010 may generate one or more access control profiles based on the requirements from other services and eDU (s) . In some aspects, the access control configurations may be for one or more cells, as described in connection with Table 2.

The access control service may provide the access control configuration (s) to one or more eDU, as shown at 1034 and 1044. An eDU may provide, e.g., transmit, the received access control configurations, as shown at 1036 and 1046. In some aspects, the eDU may broadcast the access control configuration (s) , e.g., in system information. In some aspects, the eDU may provide the access control configuration (s) in a SIB, such as SIB1. For example, the access control configuration may be provisioned to the UE via system information. For example, if a UE 1004 does not have a valid access control configuration, the UE 1004 may acquire access control configuration (s) 1036. In some aspects, if a SIB1 indicates the access control parameters (e.g., the access control configuration) , the UE may apply the configuration from the SIB1 in the corresponding cell.

The UE 1002 and/or 1004 derives the applicable access control parameters (e.g., barring parameters) based on the access control profiles indicated in the access control configuration (s) 1036 or 1044, and one or more of a UE type, an access attempt, service information, a current area, and/or a current time. After receiving the access control configuration at 1036, the UE 1004 may determine whether or not to attempt access (e.g., to a cell provided by the eDU 1008 and/or to a service such as service X 1012 or service Y 1014) based on the access control configuration received, as illustrated at 1038. In some aspects, the determination may be referred to as access control checking. For example, the UE 1004 may determine whether an access attempt is allowed (or barred) to establish a connection with the eDU 1008 based on the access control configuration (s) 1036 and incoming traffic. As another example, the UE 1004 may determine whether an access attempt is allowed to establish a connection with the eDU 1008 for an access attempt to service X 1012 based on the access control configuration and intended service information. In some aspects, the determination may be based on an access identity and/or an access category of the access attempt. As illustrated at 1040, the UE 1004 may attempt access by transmitting one or more messages to the eDU 1008 if the UE determines that the access attempt is allowed by the access control configuration. In some aspects, if the access attempt relates to a service, additional information may be exchanged with the service via the eDU 1008, e.g., such as shown for the service X 1012 at 1042. As illustrated at 1048, the UE 1002 may determine whether to attempt access (e.g., to a cell provided by the eDU 1006 and/or another the service X 1012 or the service Y 1014) based on the access control configuration received from the eDU 1006 at 1046. As an example, the UE 1002 may determine that the intended access is barred by the access control configuration and may determine not to attempt access.

FIG. 11 illustrates an example communication diagram 1100 for access control configurations from a central access control service (e.g., 1010) that may be received by a UE in response to a request or query. The aspects of FIG. 11 that are the same as described in connection with FIG. 10 have the same reference number. In contrast to the broadcast of the access control configurations, in FIG. 11, a UE 1004 may transmit an access control configuration query 1135 (e.g., a request for one or more access control configurations) to the access control service 1010 (e.g., via the eDU 1008) . In response, the access control service 1010 transmits the access control configuration (s) 1044 to the UE 1004 (e.g., via the eDU 1008) . For example, if a UE 1004 does not have a valid access control configuration, the UE 1004 may acquire access control configuration (s) 1136. In some aspects, if a SIB1 indicates the access control parameters for the UE to download access control profiles (e.g., the access control configuration) , the UE may download the profiles from the access control service 1010.

The UE 1004 may then use the access control configuration (s) to determine whether to attempt access, as described in connection with 1038 in FIG. 10. For example, after receiving the configuration, the UE may use the configuration to determine whether to attempt access. Similarly, the UE 1002 may receive the access control configuration (s) 1146 from the access control service 1010 in response to the transmission of an access control configuration query 1145 to the access control service 1010 (e.g., via the eDU 1006) . In some aspects, the access control configuration (s) 1136 or 1146 may be received as an access control configuration download. For example, if the UE does not have a valid access control configuration stored, the UE can acquire an access control configuration from the access control service 1010. In some aspects, the AC configuration may be sent to the UE via the user plane, e.g., in a user plane transmission or a user plane message.

FIG. 12 illustrates an example communication diagram 1200 for the distribution of access control configurations from an access control service (e.g., 1206) having a distributed architecture. As shown at 1205, the distributed architecture may include an access control service 1206 that is co-located with an eDU 1204, such as described in the example in FIG. 9. In some aspects, the eDU may also include a system information service 1207 that is configured to manage and provide system information.

As shown at 1216, 1218, and 1222, the access control service 1206 may receive service information from one or more services. The services may include the eDU 1204. The information may correspond to the input described in connection with FIG. 8B. The information from the service X 1208 and/or the service Y 1210 may include a service load status (e.g., a load percentage) , service priority, associated area, and/or associated timing information. The information from the eDU 1204 may include a cell load status for one or more cells, a radio resource load status, an area information, and/or associated timing information. In some aspects, the access control service 1206 may provide a query (or request) for the information. FIG. 12 illustrates the access control service 1206 providing queries 1212, 1214, and 1220 to the various services, and shows that the service information 1216, 1218, and 1222 may be provided by the various services to the access control service 1206 in response to a respective query (e.g., of 1212, 1214, and 1220) .

The access control service 1206 may generate one or more access control configurations, at 1224, based on the received service information. The access control configuration (s) may correspond to the output illustrated in FIG. 8B. For example, the access control service 1206 may generate one or more access control profiles based on the requirements from other services and the eDU 1204.

The access control service 1206 may provide the access control configuration (s) to the eDU 1204, as shown at 1226. The eDU may provide, e.g., transmit, the received access control configurations, to one or more UEs as shown at 1228. In some aspects, the eDU 1204 may broadcast the access control configuration (s) 1228, e.g., in system information. In some aspects, the eDU 1204 may provide the access control configuration (s) 1228 in a SIB, such as SIB1. For example, the access control configuration may be provisioned to the UE 1202 via system information. For example, if a UE 1202 does not have a valid access control configuration, the UE 1202 may acquire access control configuration (s) 1228. In some aspects, if a SIB1 indicates the access control parameters (e.g., the access control configuration) , the UE may apply the configuration from the SIB1 in the corresponding cell.

The UE 1202 derives the applicable access control parameters (e.g., barring parameters) based on the access control profiles indicated in the access control configuration (s) 1228, and one or more of a UE type, an access attempt, service information, a current area, and/or a current time. As illustrated at 1230, the UE 1202 may determine whether or not to attempt access (e.g., to a cell provided by the eDU 1204 and/or to a service such as service X 1208 or service Y 1210) based on the access control configuration received at 1228. The determination may be referred to as access control checking. As illustrated at 1232, the UE 1202 may attempt access by transmitting one or more messages to the eDU 1204 if the UE determines that the access attempt is allowed by the access control configuration. In some aspects, if the access attempt relates to a service, additional information may be exchanged with the service via the eDU 1204, e.g., such as shown for the service X 1208 at 1234. In some aspects, the UE 1202 may determine, at 1230, that the intended access is barred by the access control configuration and may determine not to attempt access.

FIG. 13 illustrates an example communication diagram 1300 for the distribution of access control configurations from an access control service (e.g., 1206) having a distributed architecture. In FIG. 13, the access control configuration may be received by UE 1202 in response to a request or query. The aspects of FIG. 13 that are the same as described in connection with FIG. 12 have the same reference number. In contrast to the broadcast of the access control configurations, in FIG. 12, a UE 1202 may transmit an access control configuration query 1327 (e.g., a request for one or more access control configurations) to the access control service 1206 (e.g., via the eDU 1204) . In response, the access control service 1206 transmits the access control configuration (s) 1338 to the UE 1202 (e.g., via the eDU 1204) . For example, if a UE 1202 does not have a valid access control configuration, the UE 1202 may acquire access control configuration (s) 1338. In some aspects, if a SIB1 indicates the access control parameters for the UE to download access control profiles (e.g., the access control configuration) , the UE may download the profiles from the access control service 1206. The UE 1202 may then use the access control configuration (s) to determine whether to attempt access, as described in connection with 1230 in FIG. 12.

FIG. 14 is a flowchart 1400 of a method of wireless communication. The method may be performed by an access control service (e.g., the access control service 173, 814, 906, 907, 1010, 1206; the network entity 2060) . Aspects of the method enable access control configurations that help to avoid and/or address overload situations at services and/or RAN nodes (e.g., eDUs) in a network having a service-based architecture. The method enables a more global view to be considered when generating the access control configurations.

At 1402, the access control service obtains (e.g., receives) information for one or more services in a wireless network with a service-based architecture. For example, the access control service may receive assistance information from service (s) in the network. FIGs. 8A-13 illustrate various examples of an access control service receiving service information from various services. The one or more services may include one or more network nodes, and the information may include access control information for the network node. As an example, FIGs. 10-13 illustrates an access control service 814, 906, 907, 1010, or 1206 receiving information from eDUs 802, 803, 902, 903, 1006, 1008, and 1204. In some aspects, the information may include access control assistance information from multiple network nodes (e.g., such as shown in FIG. 8A, 10 or 11) . For example, the access control service may be a central access control service, such as described in connection with FIG. 8A, 10, and 11. In some aspects, the access control service may be associated with a single network node, e.g., and may be a distributed access control service, such as described in connection with FIGs. 9, 12, and 13. In some aspects, the obtaining, or reception, may be performed by the access control component 191, e.g., of the network entity 2060.

In some aspects, the information (e.g., any of 1020, 1020, 1028, 1030, 1216, 1218, 1222) received from the service (s) may include one or more of a service load status for the one or more services, a load percentage for the one or more services, a service priority for the one or more services, a network node load status, a cell load status, a radio resource load status, an associated area, or an associated time period. In some aspects, the access control service may receive the information from the one or more services via an API, e.g., as described in connection with FIGs. 8A or 9.

At 1404, the access control service provides, based on the information from the one or more services, an access control configuration for one or more cells. In some aspects, the one or more cells may be provided by a network node (e.g., such as eDU 802, 803, 90, 903, 1002, 1004, 1202) . In some aspects, the providing may be performed by the access control component 191, e.g., of the network entity 2060. In some aspects, the access control configuration may include one or more access control profiles generated based on the information received for the one or more services. In some aspects, the access control configuration may be for a single cell, e.g., cell specific. In some aspects, the access control configuration may include parameters for multiple cells, such as described in connection with Table 2.

In some aspects, the access control service may receive updated information from the one or more services and provide an updated access control configuration for the one or more cells based on the updated information.

In some aspects, the access control service may provide a service status query to the one or more services, wherein the information is received in response to the service status query. FIGs. 10-13 illustrate examples of queries for the information.

In some aspects, the access control service receives a request for the access control configuration, wherein the access control configuration is provided in response to the request.

FIG. 15 is a flowchart 1500 of a method of wireless communication. The method may be performed by a network node (e.g., the base station 102, 410, (or a component of a base station such as one or more of a CU 106 or 210, DU 105 or 230, or RU 109 or 240) ; eDU 524, 624, 722, 802, 803, 902, 903, 1006, 1008, 1204; the network entity 1902) . Although example aspects are described as being performed by an eDU as an example of a network node, the network node may also be referred to as a base station, a 6G base station, a RAN, a RAN node, a 6G RAN, a network entity, a DU, among others. Aspects of the method enable access control configurations that help to avoid and/or address overload situations at services and/or RAN nodes (e.g., eDUs) in a network having a service-based architecture. The method enables a more global view to be considered when generating the access control configurations.

At 1502, the network node provides information to an access control service in a service-based wireless network. In some aspects, the access control configuration is for one or more cells provided by the network node. In some aspects, the access control service is associated with multiple network nodes. In some aspects, the access control service is associated with a single network node, and is located at the network node. In some aspects, the providing may be performed by the access control component 199, e.g., of the network entity 1902. FIGs. 8A, 9, 10, 11, 12, and 13 illustrate various examples of an eDU providing information to an access control service. In some aspects, the access control service may be a centralized service, e.g., as shown in FIG. 8A, 10, and 11. In some aspects, the access control service may be a distributed access control service, e.g., as shown in FIGs. 9, 12, and 13.

At 1504, the network node receives an access control configuration from (e.g., generated by) the access control service based, at least in part, on the information and additional information for one or more services of the wireless network. In some aspects, the additional information from the one or more services is received at the network node via an API. In some aspects, the information includes one or more of: a network node load status, a cell load status, a radio resource load status, an associated area, or an associated time period. In some aspects, the additional information includes one or more of: a service load status for the one or more services, a load percentage for the one or more services, a service priority for the one or more services, an area associated with the additional information, or a time period associated with the additional information. FIGs. 10-13 illustrate examples of an eDU receiving an access control configuration from an access control service. In some aspects, the reception may be performed by the access control component 199, e.g., of the network entity 1902.

At 1506, the network node provides the access control configuration for at least one UE. In some aspect, the network node may transmit the access control configuration in a SIB. For example, the access control configuration may be broadcast in SIB1. FIGs. 10 and 12 illustrate examples of an eDU transmitting access control configuration (s) . In some aspects, the network node may receive a service status query from the access control service, wherein the information is provided in response to the service status query. In some aspects, the network node is configured to receive a request from the UE for the access control configuration; and provide the request to the access control service, wherein the access control configuration is received in response to the request, and wherein the access control configuration is provided to the UE over a user plane. FIGs. 11 and 13 illustrate examples of sending an access control configuration over the user plane in response to a request from a UE. In some aspects, the providing may be performed by the access control component 199, e.g., of the network entity 1902.

FIG. 16 is a flowchart 1600 of a method of wireless communication. The method may be performed by a UE (e.g., the UE 104; 450; 724, 804 805, 904, 905, 1002, 1004, 1202; the apparatus 1804) . Aspects of the method enable access control configurations that help to avoid and/or address overload situations at services and/or RAN nodes (e.g., eDUs) in a network having a service-based architecture. The method enables a more global view to be considered when generating the access control configurations.

At 1602, the UE receives an access control configuration from an access control service in a wireless network that has a service-based architecture. In some aspects, the access control configuration is in a system information block (SIB) . In some aspects, the UE may transmit a request for the access control configuration, wherein the access control configuration is received over a user plane in response to the request. In some aspects, the UE may receive, prior to reception of the access control configuration, system information that indicates for the UE to download the access control configuration from the access control service. The reception may be performed, e.g., by the access component 198 of the apparatus 1804. FIGs. 10-13 illustrate various examples of UEs receiving an access control configuration that is generated by an access control service. The reception may be via an eDU, for example.

At 1604, the UE determines whether to access a service of the wireless network based on the access control configuration (e.g., from the access control service) and at least one of incoming traffic or service information. In some aspects to determine whether to attempt to access the service based on the access control configuration, the UE may determine barring parameters based on the access control configuration and one or more of: a UE type, an access attempt, service information, a current area, an access control (AC) profile, or an associated time. In some aspects, the UE may attempt to access a network node based on the access control configuration and the incoming traffic. In some aspects, the UE may attempt to access the service based on the access control configuration and the intended service information. The determination may be performed, e.g., by the access component 198 of the apparatus 1804. FIGs. 10-13 illustrate examples of UEs determining whether to attempt access based on an access control configuration.

FIG. 17 is a flowchart 1700 of a method of wireless communication. The method may be performed by a service (e.g., 175, 516, 612, 614, 713, 714, 716, 713, 812, 816, 912, 914, 916, 1012, 1014, 1208, 1210) or the network entity 2160. Aspects of the method enable access control configurations that help to avoid and/or address overload situations at services and/or RAN nodes (e.g., eDUs) in a network having a service-based architecture. The method enables a more global view to be considered when generating the access control configurations.

At 1702 the service provides information for the service to one or more access control services. In some aspects, the information includes one or more of: a service load status for the service, a load percentage for the service, a service priority for the one or more service, an associated area, or an associated time period. In some aspects, the access control service is a central access control service associated with multiple network nodes (e.g., for a centralized architecture such as shown in FIGs. 8A, 10, and 11) . In some aspects, providing the information includes providing the information to multiple access control service, wherein each access control service is associated with a single network node (e.g., in a distributed architecture such as shown in FIG. 9, 12, and 13) . In some aspects, the service may provide the information to the single network node via an API. In some aspects, the service may receive a query from the access control service, wherein the information is provided to the access control service in response to the query. The providing may be performed, e.g., by the access control component 199 of the network entity 2160. FIGs. 8A and 9-13 illustrate examples of services providing information to an access control service.

At 1704, the service receives an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services. The reception may be performed, e.g., by the access control component 199 of the network entity 2160. FIGs. 10-13 illustrate examples of a service receiving a message about an access attempt from a UE.

FIG. 18 is a diagram 1800 illustrating an example of a hardware implementation for an apparatus 1804. The apparatus 1804 may be a UE, a component of a UE, or may implement UE functionality. In some aspects, the apparatus1804 may include at least one cellular baseband processor 1824 (also referred to as a modem or processor circuitry) coupled to one or more transceivers 1822 (e.g., cellular RF transceiver) . The cellular baseband processor (s) 1824 may include at least one on-chip memory 1824' (or memory circuitry) . In some aspects, the apparatus 1804 may further include one or more subscriber identity modules (SIM) cards 1820 and at least one application processor 1806 coupled to a secure digital (SD) card 1808 and a screen 1810. The application processor (s) 1806 may include on-chip memory 1806'. In some aspects, the apparatus 1804 may further include a Bluetooth module 1812, a WLAN module 1814, an SPS module 1816 (e.g., GNSS module) , one or more sensor modules 1818 (e.g., barometric pressure sensor /altimeter; motion sensor such as inertial measurement unit (IMU) , gyroscope, and/or accelerometer (s) ; light detection and ranging (LIDAR) , radio assisted detection and ranging (RADAR) , sound navigation and ranging (SONAR) , magnetometer, audio and/or other technologies used for positioning) , additional memory modules 1826, a power supply 1830, and/or a camera 1832. The Bluetooth module 1812, the WLAN module 1814, and the SPS module 1816 may include an on-chip transceiver (TRX) (or in some cases, just a receiver (RX) ) . The Bluetooth module 1812, the WLAN module 1814, and the SPS module 1816 may include their own dedicated antennas and/or utilize the antennas 1880 for communication. The cellular baseband processor (s) 1824 communicates through the transceiver (s) 1822 via one or more antennas 1880 with the UE 104 and/or with an RU associated with a network entity 1802. The cellular baseband processor (s) 1824 and the application processor (s) 1806 may each include a computer-readable medium /memory 1824', 1806', respectively. The additional memory modules 1826 may also be considered a computer-readable medium /memory. Each computer-readable medium /memory 1824', 1806', 1826 may be non-transitory. The cellular baseband processor (s) 1824 and the application processor (s) 1806 are each responsible for general processing, including the execution of software stored on the computer-readable medium /memory. The software, when executed by the cellular baseband processor (s) 1824 /application processor (s) 1806, causes the cellular baseband processor (s) 1824 /application processor (s) 1806 to perform the various functions described supra. The cellular baseband processor (s) 1824 and the application processor (s) 1806 are configured to perform the various functions described supra based at least in part of the information stored in the memory. That is, the cellular baseband processor (s) 1824 and the application processor (s) 1806 may be configured to perform a first subset of the various functions described supra without information stored in the memory and may be configured to perform a second subset of the various functions described supra based on the information stored in the memory. The computer-readable medium /memory may also be used for storing data that is manipulated by the cellular baseband processor (s) 1824 /application processor (s) 1806 when executing software. The cellular baseband processor (s) 1824 /application processor (s) 1806 may be a component of the UE 450 and may include the at least one memory 460 and/or at least one of the TX processor 468, the RX processor 456, and the controller/processor 459. In one configuration, the apparatus 1804 may be at least one processor chip (modem and/or application) and include just the cellular baseband processor (s) 1824 and/or the application processor (s) 1806, and in another configuration, the apparatus 1804 may be the entire UE (e.g., see UE 450 of FIG. 4) and include the additional modules of the apparatus 1804.

As discussed supra, the access component 198 may be configured to receive an access control configuration from an access control service in a wireless network that has a service-based architecture; and determine whether to access a service of the wireless network based on the access control configuration and at least one of incoming traffic or service information. The access component, and/or the UE, may be further configured to attempt to access a network node based on the access control configuration and the incoming traffic, attempt to access the service based on the access control configuration and the intended service information, receive, prior to reception of the access control configuration, system information that indicates for the UE to download the access control configuration from the access control service, or determine barring parameters based on the access control configuration. The apparatus 1804 may further be configured to perform any of the aspects described in connection with the flowchart in FIG. 16 and/or any of the aspects performed by the UE in any of FIGs. 7C-13. The access component 198 may be within the cellular baseband processor (s) 1824, the application processor (s) 1806, or both the cellular baseband processor (s) 1824 and the application processor (s) 1806. The access component 198 may be one or more hardware components specifically configured to carry out the stated processes/algorithm, implemented by one or more processors configured to perform the stated processes/algorithm, stored within a computer-readable medium for implementation by one or more processors, or some combination thereof. When multiple processors are implemented, the multiple processors may perform the stated processes/algorithm individually or in combination. As shown, the apparatus 1804 may include a variety of components configured for various functions. In one configuration, the apparatus 1804, and in particular the cellular baseband processor (s) 1824 and/or the application processor (s) 1806, may include means for receiving an access control configuration from an access control service in a wireless network that has a service-based architecture; and means for determining whether to access a service of the wireless network based on the access control configuration and at least one of incoming traffic or service information. The apparatus 1804, may further include means for attempting to access a network node based on the access control configuration and the incoming traffic, means for attempting to access the service based on the access control configuration and the intended service information, means for receiving, prior to reception of the access control configuration, system information that indicates for the UE to download the access control configuration from the access control service, or means for determining barring parameters based on the access control configuration. The apparatus 1804 may further include means for performing any of the aspects described in connection with the flowchart in FIG. 16 and/or any of the aspects performed by the UE in any of FIGs. 7C-13. The means may be the access component 198 of the apparatus 1804 configured to perform the functions recited by the means. As described supra, the apparatus 1804 may include the TX processor 468, the RX processor 456, and the controller/processor 459. As such, in one configuration, the means may be the TX processor 468, the RX processor 456, and/or the controller/processor 459 configured to perform the functions recited by the means.

FIG. 19 is a diagram 1900 illustrating an example of a hardware implementation for a network entity 1902. The network entity 1902 may be a BS, a component of a BS, or may implement BS functionality. The network entity 1902 may include at least one of a CU 1910, a DU 1930, or an RU 1940. For example, depending on the layer functionality handled by the access control component 199, the network entity 1902 may include the CU 1910; both the CU 1910 and the DU 1930; each of the CU 1910, the DU 1930, and the RU 1940; the DU 1930; both the DU 1930 and the RU 1940; or the RU 1940. The CU 1910 may include at least one CU processor 1912 (or processor circuitry) . The CU processor (s) 1912 may include on-chip memory 1912' (or memory circuitry) . In some aspects, the CU 1910 may further include additional memory modules 1914 and a communications interface 1918. The CU 1910 communicates with the DU 1930 through a midhaul link, such as an F1 interface. The DU 1930 may include at least one DU processor 1932 (or processor circuitry) . The DU processor (s) 1932 may include on-chip memory 1932' (or memory circuitry) . In some aspects, the DU 1930 may further include additional memory modules 1934 and a communications interface 1938. The DU 1930 communicates with the RU 1940 through a fronthaul link. The RU 1940 may include at least one RU processor 1942 (or processor circuitry) . The RU processor (s) 1942 may include on-chip memory 1942' (or memory circuitry) . In some aspects, the RU 1940 may further include additional memory modules 1944, one or more transceivers 1946, antennas 1980, and a communications interface 1948. The RU 1940 communicates with the UE 104. The on-chip memory 1912', 1932', 1942' and the additional memory modules 1914, 1934, 1944 may each be considered a computer-readable medium /memory. Each computer-readable medium /memory may be non-transitory. Each of the processors 1912, 1932, 1942 is responsible for general processing, including the execution of software stored on the computer-readable medium /memory. The software, when executed by the corresponding processor (s) causes the processor (s) to perform the various functions described supra. The computer-readable medium /memory may also be used for storing data that is manipulated by the processor (s) when executing software.

As discussed supra, the access control component 199 may be configured to provide information to an access control service in a wireless network; receive an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and provide the access control configuration for at least one user equipment (UE) . In some aspects, the access control component 199, or the network entity 1902, may be further configured to receive a service status query from the access control service, wherein the information is provided in response to the service status query. In some aspects, the access control component 199, or the network entity 1902, may be further configured to receive a request from the UE for the access control configuration and provide the request to the access control service, wherein the access control configuration is received in response to the request, and wherein the access control configuration is provided to the UE over a user plane. The network entity may be further configured to perform any of the aspects described in connection with the flowchart in FIG. 15 and/or any of the aspects performed by the eDU in any of FIGs. 5B, 6, or 7C-13. The access control component 199 may be within one or more processors of one or more of the CU 1910, DU 1930, and the RU 1940. The access control component 199 may be one or more hardware components specifically configured to carry out the stated processes/algorithm, implemented by one or more processors configured to perform the stated processes/algorithm, stored within a computer-readable medium for implementation by one or more processors, or some combination thereof. When multiple processors are implemented, the multiple processors may perform the stated processes/algorithm individually or in combination. The network entity 1902 may include a variety of components configured for various functions. In one configuration, the network entity 1902 may include means for providing information to an access control service in a wireless network; receiving an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and providing the access control configuration for at least one UE. In some aspects, the network entity 1902, may further include means for receiving a service status query from the access control service, wherein the information is provided in response to the service status query. In some aspects, the network entity 1902, may further include means for receiving a request from the UE for the access control configuration and means for providing the request to the access control service, wherein the access control configuration is received in response to the request, and wherein the access control configuration is provided to the UE over a user plane. The network entity may further include means for performing any of the aspects described in connection with the flowchart in FIG. 15 and/or any of the aspects performed by the eDU in any of FIGs. 5B, 6, or 7C-13. The means may be the access control component 199 of the network entity 1902 configured to perform the functions recited by the means. As described supra, the network entity 1902 may include the TX processor 416, the RX processor 470, and the controller/processor 475. As such, in one configuration, the means may be the TX processor 416, the RX processor 470, and/or the controller/processor 475 configured to perform the functions recited by the means.

FIG. 20 is a diagram 2000 illustrating an example of a hardware implementation for a network entity 2060. In some aspects, the network entity 2060 may be an access control service (e.g., as described in connection with any of FIGs. 8A-13. In one example, the network entity 2060 may be within the core network 190. The network entity 2060 may include at least one network processor 2012 (or processor circuitry) . The network processor (s) 2012 may include on-chip memory 2012' (or memory circuitry) . In some aspects, the network entity 2060 may further include additional memory modules 2014. The network entity 2060 communicates via the network interface 2080 directly (e.g., backhaul link) or indirectly (e.g., through a RIC) with the CU 2002. The on-chip memory 2012' and the additional memory modules 2014 may each be considered a computer-readable medium /memory. Each computer-readable medium /memory may be non-transitory. The network processor (s) 2012 is responsible for general processing, including the execution of software stored on the computer-readable medium /memory. The software, when executed by the corresponding processor (s) causes the processor (s) to perform the various functions described supra. The computer-readable medium /memory may also be used for storing data that is manipulated by the processor (s) when executing software.

As discussed supra, the access control component 191 may be configured to obtain, at the access control service, information for one or more services in a wireless network with a service-based architecture; and provide, based on the information from the one or more services, an access control configuration for one or more cells. In some aspects, the access control component 191 or the network entity 2060 may be further configured to receive updated information from the one or more services; and provide an updated access control configuration for the one or more cells based on the updated information. In some aspects, the access control component 191 or the network entity 2060 may be further configured to provide a service status query to the one or more services, wherein the information is received in response to the service status query. In some aspects, the access control component 191 or the network entity 2060 may be further configured to receive a request for the access control configuration, wherein the access control configuration is provided in response to the request. The access control component 191 may be within the network processor (s) 2012. In some aspects, the access control component 191 or the network entity 2060 may be further configured to perform any of the aspects described in connection with the flowchart in FIG. 14 and/or any of the aspects performed by the access control service in any of FIGs. 8A-13 or by the services in FIGs. 5B, 6, 7B, or 7C. The access control component 191 may be one or more hardware components specifically configured to carry out the stated processes/algorithm, implemented by one or more processors configured to perform the stated processes/algorithm, stored within a computer-readable medium for implementation by one or more processors, or some combination thereof. When multiple processors are implemented, the multiple processors may perform the stated processes/algorithm individually or in combination. The network entity 2060 may include a variety of components configured for various functions. In one configuration, the network entity 2060 may include means for obtaining, at the access control service, information for one or more services in a wireless network with a service-based architecture; and means for providing, based on the information from the one or more services, an access control configuration for one or more cells. In some aspects, the network entity 2060 may further include means for receiving updated information from the one or more services; and provide an updated access control configuration for the one or more cells based on the updated information. In some aspects, the network entity 2060 may further include means for providing a service status query to the one or more services, wherein the information is received in response to the service status query. In some aspects, the network entity 2060 may further include means for receiving a request for the access control configuration, wherein the access control configuration is provided in response to the request. In some aspects, the access control component 191 or the network entity 2060 may further include means for performing any of the aspects described in connection with the flowchart in FIG. 14 and/or any of the aspects performed by the access control service in any of FIGs. 8A-13 or by the services in FIGs. 5B, 6, 7B, or 7C. The means may be the access control component 191 of the network entity 2060 configured to perform the functions recited by the means.

FIG. 21 is a diagram 2100 illustrating an example of a hardware implementation for a network entity 2160. In some aspects, the network entity 2160 may be a service in a service-based network architecture. In one example, the network entity 2160 may be within the core network 190. The network entity 2160 may include at least one network processor 2112 (or processor circuitry) . The network processor (s) 2112 may include on-chip memory 2112' (or memory circuitry) . In some aspects, the network entity 2160 may further include additional memory modules 2114. The network entity 2160 communicates via the network interface 2180 directly (e.g., backhaul link) or indirectly (e.g., through a RIC) with the CU 2102. The on-chip memory 2112' and the additional memory modules 2114 may each be considered a computer-readable medium /memory. Each computer-readable medium /memory may be non-transitory. The network processor (s) 2112 is responsible for general processing, including the execution of software stored on the computer-readable medium /memory. The software, when executed by the corresponding processor (s) causes the processor (s) to perform the various functions described supra. The computer-readable medium /memory may also be used for storing data that is manipulated by the processor (s) when executing software.

As discussed supra, the access control component 199 may be configured to provide information for the service to one or more access control services; and receive an attempt for access to the service for a UE based on an access control configuration from an access control service of the one or more access control services. The access control component 199 may be within the network processor (s) 2112. The access control component 199 may be one or more hardware components specifically configured to carry out the stated processes/algorithm, implemented by one or more processors configured to perform the stated processes/algorithm, stored within a computer-readable medium for implementation by one or more processors, or some combination thereof. When multiple processors are implemented, the multiple processors may perform the stated processes/algorithm individually or in combination. The network entity 2160 may include a variety of components configured for various functions. In one configuration, the network entity 2160 may include means for providing information for the service to one or more access control services; and means for receiving an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services. The means may be the access control component 199 of the network entity 2160 configured to perform the functions recited by the means.

It is understood that the specific order or hierarchy of blocks in the processes /flowcharts disclosed is an illustration of example approaches. Based upon design preferences, it is understood that the specific order or hierarchy of blocks in the processes /flowcharts may be rearranged. Further, some blocks may be combined or omitted. The accompanying method claims present elements of the various blocks in a sample order, and are not limited to the specific order or hierarchy presented.

The previous description is provided to enable any person skilled in the art to practice the various aspects described herein. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects. Thus, the claims are not limited to the aspects described herein, but are to be accorded the full scope consistent with the language claims. Reference to an element in the singular does not mean “one and only one” unless specifically so stated, but rather “one or more. ” Terms such as “if, ” “when, ” and “while” do not imply an immediate temporal relationship or reaction. That is, these phrases, e.g., “when, ” do not imply an immediate action in response to or during the occurrence of an action, but simply imply that if a condition is met then an action will occur, but without requiring a specific or immediate time constraint for the action to occur. The word “exemplary” is used herein to mean “serving as an example, instance, or illustration. ” Any aspect described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other aspects. Unless specifically stated otherwise, the term “some” refers to one or more. Combinations such as “at least one of A, B, or C, ” “one or more of A, B, or C, ” “at least one of A, B, and C, ” “one or more of A, B, and C, ” and “A, B, C, or any combination thereof” include any combination of A, B, and/or C, and may include multiples of A, multiples of B, or multiples of C. Specifically, combinations such as “at least one of A, B, or C, ” “one or more of A, B, or C, ” “at least one of A, B, and C, ” “one or more of A, B, and C, ” and “A, B, C, or any combination thereof” may be A only, B only, C only, A and B, A and C, B and C, or A and B and C, where any such combinations may contain one or more member or members of A, B, or C. Sets should be interpreted as a set of elements where the elements number one or more. Accordingly, for a set of X, X would include one or more elements. When at least one processor is configured to perform a set of functions, the at least one processor, individually or in any combination, is configured to perform the set of functions. Accordingly, each processor of the at least one processor may be configured to perform a particular subset of the set of functions, where the subset is the full set, a proper subset of the set, or an empty subset of the set. A processor may be referred to as processor circuitry. A memory /memory module may be referred to as memory circuitry. If a first apparatus receives data from or transmits data to a second apparatus, the data may be received/transmitted directly between the first and second apparatuses, or indirectly between the first and second apparatuses through a set of apparatuses. A device configured to “output” data or “provide” data, such as a transmission, signal, or message, may transmit the data, for example with a transceiver, or may send the data to a device that transmits the data. A device configured to “obtain” data, such as a transmission, signal, or message, may receive, for example with a transceiver, or may obtain the data from a device that receives the data. Information stored in a memory includes instructions and/or data. All structural and functional equivalents to the elements of the various aspects described throughout this disclosure that are known or later come to be known to those of ordinary skill in the art are expressly incorporated herein by reference and are encompassed by the claims. Moreover, nothing disclosed herein is dedicated to the public regardless of whether such disclosure is explicitly recited in the claims. The words “module, ” “mechanism, ” “element, ” “device, ” and the like may not be a substitute for the word “means. ” As such, no claim element is to be construed as a means plus function unless the element is expressly recited using the phrase “means for. ”

As used herein, the phrase “based on” shall not be construed as a reference to a closed set of information, one or more conditions, one or more factors, or the like. In other words, the phrase “based on A” (where “A” may be information, a condition, a factor, or the like) shall be construed as “based at least on A” unless specifically recited differently.

The following aspects are illustrative only and may be combined with other aspects or teachings described herein, without limitation.

Aspect 1 is a method at an access control service for wireless communication, comprising: obtaining, at the access control service, information for one or more services in a wireless network with a service based architecture; and providing, based on the information from the one or more services, an access control configuration for one or more cells.

Aspect 2 is the method of aspect 1, wherein the access control configuration includes one or more access control profiles generated based on the information received for the one or more services.

Aspect 3 is the method of aspect 1 or 2, wherein the one or more services includes one or more network nodes, and the information includes access control assistance information.

Aspect 4 is the method of any of aspects 1-3, wherein the information includes the access control assistance information from multiple network nodes.

Aspect 5 is the method of any of aspects 1-3, wherein the access control service is associated with a single network node.

Aspect 6 is the method of aspect 5, wherein the access control service is located at the single network node.

Aspect 7 is the method of any of aspects 1-6, wherein the access control configuration is for multiple cells provided by a network node.

Aspect 8 is the method of any of aspects 1-7, wherein the information includes one or more of: a service load status for the one or more services, a load percentage for the one or more services, a service priority for the one or more services, a network node load status, a cell load status, a radio resource load status, an associated area, or an associated time period.

Aspect 9 is the method of any of aspects 1-7, wherein the information includes: a service load status for the one or more services.

Aspect 10 is the method of any of aspects 1-7, wherein the information includes: a load percentage for the one or more services.

Aspect 11 is the method of any of aspects 1-7, wherein the information includes: a service priority for the one or more services.

Aspect 12 is the method of any of aspects 1-7, wherein the information includes: a network node load status.

Aspect 13 is the method of any of aspects 1-7, wherein the information includes: a cell load status.

Aspect 14 is the method of any of aspects 1-7, wherein the information includes: a radio resource load status.

Aspect 15 is the method of any of aspects 1-7, wherein the information includes: an associated area.

Aspect 16 is the method of any of aspects 1-7, wherein the information includes: an associated time period.

Aspect 17 is the method of any of aspects 1-16, wherein the access control service receives the information from the one or more services via an application programming interface (API) .

Aspect 18 is the method of any of aspects 1-17, further comprising: receiving updated information from the one or more services; and providing an updated access control configuration for the one or more cells based on the updated information.

Aspect 19 is the method of any of aspects 1-18, further comprising: providing a service status query to the one or more services, wherein the information is received in response to the service status query.

Aspect 20 is the method of any of aspects 1-18, further comprising receiving a request for the access control configuration, wherein the access control configuration is provided in response to the request.

Aspect 21 is a method for wireless communication at a network node, comprising: providing information to an access control service in a wireless network; receiving an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and providing the access control configuration for at least one user equipment (UE) .

Aspect 22 is the method of aspect 21, wherein the access control configuration is for one or more cells provided by the network node.

Aspect 23 is the method of aspect 21 or 22, wherein the access control service is associated with multiple network nodes.

Aspect 24 is the method of aspect 21 or 22, wherein the access control service is associated with a single network node, and is located at the network node.

Aspect 25 is the method of any of aspects 21-24, wherein the additional information from the one or more services is received at the network node via an application programming interface (API) .

Aspect 26 is the method of any of aspects 21-25, wherein the information includes one or more of: a network node load status, a cell load status, a radio resource load status, an associated area, or an associated time period.

Aspect 27 is the method of any of aspects 21-25, wherein the information includes a network node load status.

Aspect 28 is the method of any of aspects 21-25, wherein the information includes a cell load status.

Aspect 29 is the method of any of aspects 21-25, wherein the information includes a radio resource load status.

Aspect 30 is the method of any of aspects 21-25, wherein the information includes an associated area.

Aspect 31 is the method of any of aspects 21-25, wherein the information includes an associated time period.

Aspect 32 is the method of any of aspects 21-31, wherein the additional information includes one or more of: a service load status for the one or more services, a load percentage for the one or more services, a service priority for the one or more services, an area associated with the additional information, or a time period associated with the additional information.

Aspect 33 is the method of any of aspects 21-31, wherein the additional information includes a service load status for the one or more services.

Aspect 34 is the method of any of aspects 21-31, wherein the additional information includes a load percentage for the one or more services.

Aspect 35 is the method of any of aspects 21-31, wherein the additional information includes a service priority for the one or more services.

Aspect 36 is the method of any of aspects 21-31, wherein the additional information includes an area associated with the additional information.

Aspect 37 is the method of any of aspects 21-31, wherein the additional information includes a time period associated with the additional information.

Aspect 38 is the method of any of aspects 21-37, providing the access control configuration to at least one UE includes: transmitting the access control configuration in a system information block (SIB) .

Aspect 39 is the method of any of aspects 21-38, further comprising: receiving a service status query from the access control service, wherein the information is provided in response to the service status query.

Aspect 40 is the method of any of aspects 21-37 or 39, further comprising providing a request for the access control configuration from the UE to the access control service, wherein the access control configuration is received in response to the request, and wherein the access control configuration is provided to the UE over a user plane.

Aspect 41 is a method for wireless communication at a user equipment (UE) , comprising: receiving an access control configuration from an access control service in a wireless network that has a service based architecture; and determining whether to access a service of the wireless network based on the access control configuration and at least one of incoming traffic or service information.

Aspect 42 is the method of aspect 41, further comprising attempting to access a network node based on the access control configuration and the incoming traffic.

Aspect 43 is the method of aspect 41, further comprising attempting to access the service based on the access control configuration and the service information.

Aspect 44 is the method of any of aspects 41-43, wherein the access control configuration is in a system information block (SIB) .

Aspect 45 is the method of any of aspects 41-43, further comprising transmitting a request for the access control configuration, wherein the access control configuration is received over a user plane in response to the request.

Aspect 46 is the method of aspect 45, further comprising receiving, prior to reception of the access control configuration, system information that indicates for the UE to download the access control configuration from the access control service.

Aspect 47 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and one or more of: a UE type, an access attempt, service information, a current area, an access control (AC) profile, or an associated time.

Aspect 48 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and a UE type.

Aspect 49 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and an access attempt.

Aspect 50 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and service information.

Aspect 51 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and a current area.

Aspect 52 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and an access control (AC) profile.

Aspect 53 is the method of any of aspects 41-46, wherein attempting to access the service based on the access control configuration includes determining barring parameters based on the access control configuration and an associated time.

Aspect 54 is a method for a service associated with a wireless network, comprising: providing information for the service to one or more access control services; and receiving an attempt for access to the service for a user equipment (UE) based on an access control configuration from an access control service of the one or more access control services.

Aspect 55 is the method of aspect 54, wherein the information includes one or more of: a service load status for the service, a load percentage for the service, a service priority for the one or more service, an associated area, or an associated time period.

Aspect 56 is the method of any of aspects 54-55, wherein the information includes a service load status for the service.

Aspect 57 is the method of any of aspects 54-56, wherein the information includes a load percentage for the service.

Aspect 58 is the method of any of aspects 54-57, wherein the information includes a service priority for the one or more service.

Aspect 59 is the method of any of aspects 54-58, wherein the information includes an associated area.

Aspect 60 is the method of any of aspects 54-59, wherein the information includes an associated time period.

Aspect 61 is the method of any of aspects 54-60, wherein the access control service is a central access control service associated with multiple network nodes.

Aspect 62 is the method of any of aspects 54-60, wherein providing the information includes providing the information to multiple access control service, wherein each access control service is associated with a single network node.

Aspect 63 is the method of any of aspects 54-62, wherein providing the information includes providing the information to the single network node via an application programming interface (API) .

Aspect 64 is the method of any of aspects 54-61, further comprising: receiving a query from the access control service, wherein the information is provided to the access control service in response to the query.

Aspect 65 is an apparatus for wireless communication at an access control service, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the access control service to perform the method of any of aspects 1 to 20.

Aspect 66 is an apparatus for wireless communication at an access control service, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured, individually or in any combination, to cause the access control service to perform the method of any of aspects 1 to 20.

Aspect 67 is an apparatus for wireless communication at an access control service, comprising means for performing each step in the method of any of aspects 1 to 20.

Aspect 68 is an access control service, comprising: a processing system that includes processor circuitry and memory circuitry that stores code and is coupled with the processor circuitry, the processing system configured to cause the access control service to: perform the method of any of aspects 1 to 20.

Aspect 69 is the apparatus of any of aspects 65-68, further comprising one or more antennas configured to receive or to transmit in association with the method of any of aspects 1 to 20.

Aspect 70 is a computer-readable storage medium (e.g., a non-transitory computer-readable storage medium) storing computer executable code at an access control service, the code when executed by one or more processors causes the access control service to perform the method of any of aspects 1 to 20.

Aspect 71 is an apparatus for wireless communication at a network node, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the network node to perform the method of any of aspects 21-40.

Aspect 72 is an apparatus for wireless communication at a network node, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured, individually or in any combination, to cause the network node to perform the method of any of aspects 21-40.

Aspect 73 is an apparatus for wireless communication at a network node, comprising means for performing each step in the method of any of aspects 21-40.

Aspect 74 is a network node comprising: a processing system that includes processor circuitry and memory circuitry that stores code and is coupled with the processor circuitry, the processing system configured to cause the to: perform the method of any of aspects 21-40.

Aspect 75 is the apparatus of any of aspects 71-74, further comprising one or more antennas configured to receive or to transmit in association with the method of any of aspects 21-40.

Aspect 76 is a computer-readable storage medium (e.g., a non-transitory computer-readable storage medium) storing computer executable code at a network node, the code when executed by one or more processors causes the network node to perform the method of any of aspects 21-40.

Aspect 77 is an apparatus for wireless communication at a UE, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the UE to perform the method of any of aspects 41-53.

Aspect 78 is an apparatus for wireless communication at a UE, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured, individually or in any combination, to cause the UE to perform the method of any of aspects 41-53.

Aspect 79 is an apparatus for wireless communication at a UE, comprising means for performing each step in the method of any of aspects 41-53.

Aspect 80 is a UE comprising: a processing system that includes processor circuitry and memory circuitry that stores code and is coupled with the processor circuitry, the processing system configured to cause the UE to: perform the method of any of aspects 41-53.

Aspect 81 is the apparatus of any of aspects 77-80, further comprising one or more antennas configured to receive or to transmit in association with the method of any of aspects 41-53.

Aspect 82 is a computer-readable storage medium (e.g., a non-transitory computer-readable storage medium) storing computer executable code at a UE, the code when executed by one or more processors causes the UE to perform the method of any of aspects 41-53.

Aspect 83 is an apparatus for a service for wireless communication, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured to cause the service to perform the method of any of aspects 54-64.

Aspect 84 is an apparatus for a service for wireless communication, comprising: one or more memories; and one or more processors coupled to the one or more memories and configured, individually or in any combination, to cause the service to perform the method of any of aspects 54-64.

Aspect 85 is an apparatus for a service for wireless communication, comprising means for performing each step in the method of any of aspects 54-64.

Aspect 86 is a service for wireless communication comprising: a processing system that includes processor circuitry and memory circuitry that stores code and is coupled with the processor circuitry, the processing system configured to cause the service to: perform the method of any of aspects 54-64.

Aspect 87 is a computer-readable storage medium (e.g., a non-transitory computer-readable storage medium) storing computer executable code at a service for wireless communication, the code when executed by one or more processors causes the service to perform the method of any of aspects 54-64.

Claims

An apparatus for an access control service for wireless communication, comprising:

one or more memories; and

one or more processors coupled to the one or more memories, wherein the one or more processors, are configured to cause the access control service to:

obtain, at the access control service, information for one or more services in a wireless network with a service-based architecture; and

provide, based on the information from the one or more services, an access control configuration for one or more cells.
The apparatus of claim 1, wherein the access control configuration includes one or more access control profiles generated based on the information received for the one or more services.
The apparatus of claim 1, wherein the one or more services includes one or more network nodes, and the information includes access control assistance information.
The apparatus of claim 3, wherein the information includes the access control assistance information from multiple network nodes.
The apparatus of claim 3, wherein the access control service is associated with a single network node.
The apparatus of claim 5, wherein the access control service is located at the single network node.
The apparatus of claim 1, wherein the access control configuration is for multiple cells provided by a network node.
The apparatus of claim 1, wherein the information includes one or more of:

a service load status for the one or more services,

a load percentage for the one or more services,

a service priority for the one or more services,

a network node load status,

a cell load status,

a radio resource load status,

an associated area, or

an associated time period.
The apparatus of claim 1, wherein the one or more processors are configured to cause the access control service to receive the information from the one or more services via an application programming interface (API) .
The apparatus of claim 1, wherein the one or more processors are further configured to cause the access control service to:

provide a service status query to the one or more services, wherein the information is received in response to the service status query; or

receive a request for the access control configuration, wherein the access control configuration is provided in response to the request.
An apparatus for wireless communication at a network node, comprising:

one or more memories; and

one or more processors coupled to the one or more memories, wherein the one or more processors are configured to cause the network node to:

provide information to an access control service in a wireless network;

receive an access control configuration from the access control service based, at least in part, on the information and additional information for one or more services of the wireless network; and

provide the access control configuration for at least one user equipment (UE) .
The apparatus of claim 11, wherein the access control configuration is for one or more cells provided by the network node.
The apparatus of claim 11, wherein the access control service is associated with multiple network nodes or is associated with a single network node, and is located at the network node.
The apparatus of claim 11, wherein the information includes one or more of:

a network node load status,

a cell load status,

a radio resource load status,

an associated area, or

an associated time period, and

wherein the additional information includes one or more of:

a service load status for the one or more services,

a load percentage for the one or more services,

a service priority for the one or more services,

an area associated with the additional information, or

a time period associated with the additional information.
The apparatus of claim 11, further comprising one or more antennas coupled to the one or more processors, wherein the one or more processors are further configured to cause the network node to:

receive a service status query from the access control service, wherein the information is provided in response to the service status query; or

provide a request for the access control configuration from the UE to the access control service, wherein the access control configuration is received in response to the request, and wherein the access control configuration is provided to the UE over a user plane.
An apparatus for wireless communication at a user equipment (UE) , comprising:

one or more memories; and

one or more processors coupled to the one or more memories, wherein the one or more processors are configured to cause the UE to:

receive an access control configuration from an access control service in a wireless network that has a service-based architecture; and

determine whether to access a service of the wireless network based on the access control configuration and at least one of incoming traffic or service information.
The apparatus of claim 16, wherein the one or more processors are configured to cause the UE to:

attempt to access a network node based on the access control configuration and the incoming traffic; or

attempt to access the service based on the access control configuration and the service information.
The apparatus of claim 16, wherein the access control configuration is in a system information block (SIB) .
The apparatus of claim 16, further comprising one or more antennas coupled to the one or more processors, wherein the one or more processors are further configured to cause the UE to:

transmit a request for the access control configuration, wherein the access control configuration is received over a user plane in response to the request; and

receive, prior to reception of the access control configuration, system information that indicates for the UE to download the access control configuration from the access control service.
The apparatus of claim 16, wherein to attempt to access the service based on the access control configuration, the one or more processors are configured to cause the UE to determine barring parameters based on the access control configuration and one or more of:

a UE type,

an access attempt,

service information,

a current area,

an access control (AC) profile, or

an associated time.